xref: /illumos-gate/usr/src/lib/libproc/common/Pcore.c (revision 1b500975aaacf8b5d0e18c9a117bf5560069ffc3)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 /*
26  * Copyright 2012 DEY Storage Systems, Inc.  All rights reserved.
27  * Copyright (c) 2018, Joyent, Inc. All rights reserved.
28  * Copyright (c) 2013 by Delphix. All rights reserved.
29  * Copyright 2015 Gary Mills
30  * Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
31  */
32 
33 #include <sys/types.h>
34 #include <sys/utsname.h>
35 #include <sys/sysmacros.h>
36 #include <sys/proc.h>
37 
38 #include <alloca.h>
39 #include <rtld_db.h>
40 #include <libgen.h>
41 #include <limits.h>
42 #include <string.h>
43 #include <stdlib.h>
44 #include <unistd.h>
45 #include <errno.h>
46 #include <gelf.h>
47 #include <stddef.h>
48 #include <signal.h>
49 
50 #include "libproc.h"
51 #include "Pcontrol.h"
52 #include "P32ton.h"
53 #include "Putil.h"
54 #include "proc_fd.h"
55 #ifdef __x86
56 #include "Pcore_linux.h"
57 #endif
58 
59 /*
60  * Pcore.c - Code to initialize a ps_prochandle from a core dump.  We
61  * allocate an additional structure to hold information from the core
62  * file, and attach this to the standard ps_prochandle in place of the
63  * ability to examine /proc/<pid>/ files.
64  */
65 
66 /*
67  * Basic i/o function for reading and writing from the process address space
68  * stored in the core file and associated shared libraries.  We compute the
69  * appropriate fd and offsets, and let the provided prw function do the rest.
70  */
71 static ssize_t
72 core_rw(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
73     ssize_t (*prw)(int, void *, size_t, off64_t))
74 {
75 	ssize_t resid = n;
76 
77 	while (resid != 0) {
78 		map_info_t *mp = Paddr2mptr(P, addr);
79 
80 		uintptr_t mapoff;
81 		ssize_t len;
82 		off64_t off;
83 		int fd;
84 
85 		if (mp == NULL)
86 			break;	/* No mapping for this address */
87 
88 		if (mp->map_pmap.pr_mflags & MA_RESERVED1) {
89 			if (mp->map_file == NULL || mp->map_file->file_fd < 0)
90 				break;	/* No file or file not open */
91 
92 			fd = mp->map_file->file_fd;
93 		} else
94 			fd = P->asfd;
95 
96 		mapoff = addr - mp->map_pmap.pr_vaddr;
97 		len = MIN(resid, mp->map_pmap.pr_size - mapoff);
98 		off = mp->map_offset + mapoff;
99 
100 		if ((len = prw(fd, buf, len, off)) <= 0)
101 			break;
102 
103 		resid -= len;
104 		addr += len;
105 		buf = (char *)buf + len;
106 	}
107 
108 	/*
109 	 * Important: Be consistent with the behavior of i/o on the as file:
110 	 * writing to an invalid address yields EIO; reading from an invalid
111 	 * address falls through to returning success and zero bytes.
112 	 */
113 	if (resid == n && n != 0 && prw != pread64) {
114 		errno = EIO;
115 		return (-1);
116 	}
117 
118 	return (n - resid);
119 }
120 
121 /*ARGSUSED*/
122 static ssize_t
123 Pread_core(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
124     void *data)
125 {
126 	return (core_rw(P, buf, n, addr, pread64));
127 }
128 
129 /*ARGSUSED*/
130 static ssize_t
131 Pwrite_core(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr,
132     void *data)
133 {
134 	return (core_rw(P, (void *)buf, n, addr,
135 	    (ssize_t (*)(int, void *, size_t, off64_t)) pwrite64));
136 }
137 
138 /*ARGSUSED*/
139 static int
140 Pcred_core(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
141 {
142 	core_info_t *core = data;
143 
144 	if (core->core_cred != NULL) {
145 		/*
146 		 * Avoid returning more supplementary group data than the
147 		 * caller has allocated in their buffer.  We expect them to
148 		 * check pr_ngroups afterward and potentially call us again.
149 		 */
150 		ngroups = MIN(ngroups, core->core_cred->pr_ngroups);
151 
152 		(void) memcpy(pcrp, core->core_cred,
153 		    sizeof (prcred_t) + (ngroups - 1) * sizeof (gid_t));
154 
155 		return (0);
156 	}
157 
158 	errno = ENODATA;
159 	return (-1);
160 }
161 
162 /*ARGSUSED*/
163 static int
164 Psecflags_core(struct ps_prochandle *P, prsecflags_t **psf, void *data)
165 {
166 	core_info_t *core = data;
167 
168 	if (core->core_secflags == NULL) {
169 		errno = ENODATA;
170 		return (-1);
171 	}
172 
173 	if ((*psf = calloc(1, sizeof (prsecflags_t))) == NULL)
174 		return (-1);
175 
176 	(void) memcpy(*psf, core->core_secflags, sizeof (prsecflags_t));
177 
178 	return (0);
179 }
180 
181 /*ARGSUSED*/
182 static int
183 Ppriv_core(struct ps_prochandle *P, prpriv_t **pprv, void *data)
184 {
185 	core_info_t *core = data;
186 
187 	if (core->core_priv == NULL) {
188 		errno = ENODATA;
189 		return (-1);
190 	}
191 
192 	*pprv = malloc(core->core_priv_size);
193 	if (*pprv == NULL) {
194 		return (-1);
195 	}
196 
197 	(void) memcpy(*pprv, core->core_priv, core->core_priv_size);
198 	return (0);
199 }
200 
201 /*ARGSUSED*/
202 static const psinfo_t *
203 Ppsinfo_core(struct ps_prochandle *P, psinfo_t *psinfo, void *data)
204 {
205 	return (&P->psinfo);
206 }
207 
208 /*ARGSUSED*/
209 static void
210 Pfini_core(struct ps_prochandle *P, void *data)
211 {
212 	core_info_t *core = data;
213 
214 	if (core != NULL) {
215 		extern void __priv_free_info(void *);
216 		lwp_info_t *nlwp, *lwp = list_next(&core->core_lwp_head);
217 		int i;
218 
219 		for (i = 0; i < core->core_nlwp; i++, lwp = nlwp) {
220 			nlwp = list_next(lwp);
221 #ifdef __sparc
222 			if (lwp->lwp_gwins != NULL)
223 				free(lwp->lwp_gwins);
224 			if (lwp->lwp_xregs != NULL)
225 				free(lwp->lwp_xregs);
226 			if (lwp->lwp_asrs != NULL)
227 				free(lwp->lwp_asrs);
228 #endif
229 			free(lwp);
230 		}
231 
232 		if (core->core_platform != NULL)
233 			free(core->core_platform);
234 		if (core->core_uts != NULL)
235 			free(core->core_uts);
236 		if (core->core_cred != NULL)
237 			free(core->core_cred);
238 		if (core->core_priv != NULL)
239 			free(core->core_priv);
240 		if (core->core_privinfo != NULL)
241 			__priv_free_info(core->core_privinfo);
242 		if (core->core_ppii != NULL)
243 			free(core->core_ppii);
244 		if (core->core_zonename != NULL)
245 			free(core->core_zonename);
246 		if (core->core_secflags != NULL)
247 			free(core->core_secflags);
248 #ifdef __x86
249 		if (core->core_ldt != NULL)
250 			free(core->core_ldt);
251 #endif
252 
253 		free(core);
254 	}
255 }
256 
257 /*ARGSUSED*/
258 static char *
259 Pplatform_core(struct ps_prochandle *P, char *s, size_t n, void *data)
260 {
261 	core_info_t *core = data;
262 
263 	if (core->core_platform == NULL) {
264 		errno = ENODATA;
265 		return (NULL);
266 	}
267 	(void) strncpy(s, core->core_platform, n - 1);
268 	s[n - 1] = '\0';
269 	return (s);
270 }
271 
272 /*ARGSUSED*/
273 static int
274 Puname_core(struct ps_prochandle *P, struct utsname *u, void *data)
275 {
276 	core_info_t *core = data;
277 
278 	if (core->core_uts == NULL) {
279 		errno = ENODATA;
280 		return (-1);
281 	}
282 	(void) memcpy(u, core->core_uts, sizeof (struct utsname));
283 	return (0);
284 }
285 
286 /*ARGSUSED*/
287 static char *
288 Pzonename_core(struct ps_prochandle *P, char *s, size_t n, void *data)
289 {
290 	core_info_t *core = data;
291 
292 	if (core->core_zonename == NULL) {
293 		errno = ENODATA;
294 		return (NULL);
295 	}
296 	(void) strlcpy(s, core->core_zonename, n);
297 	return (s);
298 }
299 
300 #ifdef __x86
301 /*ARGSUSED*/
302 static int
303 Pldt_core(struct ps_prochandle *P, struct ssd *pldt, int nldt, void *data)
304 {
305 	core_info_t *core = data;
306 
307 	if (pldt == NULL || nldt == 0)
308 		return (core->core_nldt);
309 
310 	if (core->core_ldt != NULL) {
311 		nldt = MIN(nldt, core->core_nldt);
312 
313 		(void) memcpy(pldt, core->core_ldt,
314 		    nldt * sizeof (struct ssd));
315 
316 		return (nldt);
317 	}
318 
319 	errno = ENODATA;
320 	return (-1);
321 }
322 #endif
323 
324 static const ps_ops_t P_core_ops = {
325 	.pop_pread	= Pread_core,
326 	.pop_pwrite	= Pwrite_core,
327 	.pop_cred	= Pcred_core,
328 	.pop_priv	= Ppriv_core,
329 	.pop_psinfo	= Ppsinfo_core,
330 	.pop_fini	= Pfini_core,
331 	.pop_platform	= Pplatform_core,
332 	.pop_uname	= Puname_core,
333 	.pop_zonename	= Pzonename_core,
334 	.pop_secflags	= Psecflags_core,
335 #ifdef __x86
336 	.pop_ldt	= Pldt_core
337 #endif
338 };
339 
340 /*
341  * Return the lwp_info_t for the given lwpid.  If no such lwpid has been
342  * encountered yet, allocate a new structure and return a pointer to it.
343  * Create a list of lwp_info_t structures sorted in decreasing lwp_id order.
344  */
345 static lwp_info_t *
346 lwpid2info(struct ps_prochandle *P, lwpid_t id)
347 {
348 	core_info_t *core = P->data;
349 	lwp_info_t *lwp = list_next(&core->core_lwp_head);
350 	lwp_info_t *next;
351 	uint_t i;
352 
353 	for (i = 0; i < core->core_nlwp; i++, lwp = list_next(lwp)) {
354 		if (lwp->lwp_id == id) {
355 			core->core_lwp = lwp;
356 			return (lwp);
357 		}
358 		if (lwp->lwp_id < id) {
359 			break;
360 		}
361 	}
362 
363 	next = lwp;
364 	if ((lwp = calloc(1, sizeof (lwp_info_t))) == NULL)
365 		return (NULL);
366 
367 	list_link(lwp, next);
368 	lwp->lwp_id = id;
369 
370 	core->core_lwp = lwp;
371 	core->core_nlwp++;
372 
373 	return (lwp);
374 }
375 
376 /*
377  * The core file itself contains a series of NOTE segments containing saved
378  * structures from /proc at the time the process died.  For each note we
379  * comprehend, we define a function to read it in from the core file,
380  * convert it to our native data model if necessary, and store it inside
381  * the ps_prochandle.  Each function is invoked by Pfgrab_core() with the
382  * seek pointer on P->asfd positioned appropriately.  We populate a table
383  * of pointers to these note functions below.
384  */
385 
386 static int
387 note_pstatus(struct ps_prochandle *P, size_t nbytes)
388 {
389 #ifdef _LP64
390 	core_info_t *core = P->data;
391 
392 	if (core->core_dmodel == PR_MODEL_ILP32) {
393 		pstatus32_t ps32;
394 
395 		if (nbytes < sizeof (pstatus32_t) ||
396 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
397 			goto err;
398 
399 		pstatus_32_to_n(&ps32, &P->status);
400 
401 	} else
402 #endif
403 	if (nbytes < sizeof (pstatus_t) ||
404 	    read(P->asfd, &P->status, sizeof (pstatus_t)) != sizeof (pstatus_t))
405 		goto err;
406 
407 	P->orig_status = P->status;
408 	P->pid = P->status.pr_pid;
409 
410 	return (0);
411 
412 err:
413 	dprintf("Pgrab_core: failed to read NT_PSTATUS\n");
414 	return (-1);
415 }
416 
417 static int
418 note_lwpstatus(struct ps_prochandle *P, size_t nbytes)
419 {
420 	lwp_info_t *lwp;
421 	lwpstatus_t lps;
422 
423 #ifdef _LP64
424 	core_info_t *core = P->data;
425 
426 	if (core->core_dmodel == PR_MODEL_ILP32) {
427 		lwpstatus32_t l32;
428 
429 		if (nbytes < sizeof (lwpstatus32_t) ||
430 		    read(P->asfd, &l32, sizeof (l32)) != sizeof (l32))
431 			goto err;
432 
433 		lwpstatus_32_to_n(&l32, &lps);
434 	} else
435 #endif
436 	if (nbytes < sizeof (lwpstatus_t) ||
437 	    read(P->asfd, &lps, sizeof (lps)) != sizeof (lps))
438 		goto err;
439 
440 	if ((lwp = lwpid2info(P, lps.pr_lwpid)) == NULL) {
441 		dprintf("Pgrab_core: failed to add NT_LWPSTATUS\n");
442 		return (-1);
443 	}
444 
445 	/*
446 	 * Erase a useless and confusing artifact of the kernel implementation:
447 	 * the lwps which did *not* create the core will show SIGKILL.  We can
448 	 * be assured this is bogus because SIGKILL can't produce core files.
449 	 */
450 	if (lps.pr_cursig == SIGKILL)
451 		lps.pr_cursig = 0;
452 
453 	(void) memcpy(&lwp->lwp_status, &lps, sizeof (lps));
454 	return (0);
455 
456 err:
457 	dprintf("Pgrab_core: failed to read NT_LWPSTATUS\n");
458 	return (-1);
459 }
460 
461 #ifdef __x86
462 
463 static void
464 lx_prpsinfo32_to_psinfo(lx_prpsinfo32_t *p32, psinfo_t *psinfo)
465 {
466 	psinfo->pr_flag = p32->pr_flag;
467 	psinfo->pr_pid = p32->pr_pid;
468 	psinfo->pr_ppid = p32->pr_ppid;
469 	psinfo->pr_uid = p32->pr_uid;
470 	psinfo->pr_gid = p32->pr_gid;
471 	psinfo->pr_sid = p32->pr_sid;
472 	psinfo->pr_pgid = p32->pr_pgrp;
473 
474 	(void) memcpy(psinfo->pr_fname, p32->pr_fname,
475 	    sizeof (psinfo->pr_fname));
476 	(void) memcpy(psinfo->pr_psargs, p32->pr_psargs,
477 	    sizeof (psinfo->pr_psargs));
478 }
479 
480 static void
481 lx_prpsinfo64_to_psinfo(lx_prpsinfo64_t *p64, psinfo_t *psinfo)
482 {
483 	psinfo->pr_flag = p64->pr_flag;
484 	psinfo->pr_pid = p64->pr_pid;
485 	psinfo->pr_ppid = p64->pr_ppid;
486 	psinfo->pr_uid = p64->pr_uid;
487 	psinfo->pr_gid = p64->pr_gid;
488 	psinfo->pr_sid = p64->pr_sid;
489 	psinfo->pr_pgid = p64->pr_pgrp;
490 	psinfo->pr_pgid = p64->pr_pgrp;
491 
492 	(void) memcpy(psinfo->pr_fname, p64->pr_fname,
493 	    sizeof (psinfo->pr_fname));
494 	(void) memcpy(psinfo->pr_psargs, p64->pr_psargs,
495 	    sizeof (psinfo->pr_psargs));
496 }
497 
498 static int
499 note_linux_psinfo(struct ps_prochandle *P, size_t nbytes)
500 {
501 	core_info_t *core = P->data;
502 	lx_prpsinfo32_t p32;
503 	lx_prpsinfo64_t p64;
504 
505 	if (core->core_dmodel == PR_MODEL_ILP32) {
506 		if (nbytes < sizeof (p32) ||
507 		    read(P->asfd, &p32, sizeof (p32)) != sizeof (p32))
508 			goto err;
509 
510 		lx_prpsinfo32_to_psinfo(&p32, &P->psinfo);
511 	} else {
512 		if (nbytes < sizeof (p64) ||
513 		    read(P->asfd, &p64, sizeof (p64)) != sizeof (p64))
514 			goto err;
515 
516 		lx_prpsinfo64_to_psinfo(&p64, &P->psinfo);
517 	}
518 
519 
520 	P->status.pr_pid = P->psinfo.pr_pid;
521 	P->status.pr_ppid = P->psinfo.pr_ppid;
522 	P->status.pr_pgid = P->psinfo.pr_pgid;
523 	P->status.pr_sid = P->psinfo.pr_sid;
524 
525 	P->psinfo.pr_nlwp = 0;
526 	P->status.pr_nlwp = 0;
527 
528 	return (0);
529 err:
530 	dprintf("Pgrab_core: failed to read NT_PSINFO\n");
531 	return (-1);
532 }
533 
534 static void
535 lx_prstatus64_to_lwp(lx_prstatus64_t *prs64, lwp_info_t *lwp)
536 {
537 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_utime, prs64->pr_utime);
538 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_stime, prs64->pr_stime);
539 
540 	lwp->lwp_status.pr_reg[REG_R15] = prs64->pr_reg.lxr_r15;
541 	lwp->lwp_status.pr_reg[REG_R14] = prs64->pr_reg.lxr_r14;
542 	lwp->lwp_status.pr_reg[REG_R13] = prs64->pr_reg.lxr_r13;
543 	lwp->lwp_status.pr_reg[REG_R12] = prs64->pr_reg.lxr_r12;
544 	lwp->lwp_status.pr_reg[REG_R11] = prs64->pr_reg.lxr_r11;
545 	lwp->lwp_status.pr_reg[REG_R10] = prs64->pr_reg.lxr_r10;
546 	lwp->lwp_status.pr_reg[REG_R9] = prs64->pr_reg.lxr_r9;
547 	lwp->lwp_status.pr_reg[REG_R8] = prs64->pr_reg.lxr_r8;
548 
549 	lwp->lwp_status.pr_reg[REG_RDI] = prs64->pr_reg.lxr_rdi;
550 	lwp->lwp_status.pr_reg[REG_RSI] = prs64->pr_reg.lxr_rsi;
551 	lwp->lwp_status.pr_reg[REG_RBP] = prs64->pr_reg.lxr_rbp;
552 	lwp->lwp_status.pr_reg[REG_RBX] = prs64->pr_reg.lxr_rbx;
553 	lwp->lwp_status.pr_reg[REG_RDX] = prs64->pr_reg.lxr_rdx;
554 	lwp->lwp_status.pr_reg[REG_RCX] = prs64->pr_reg.lxr_rcx;
555 	lwp->lwp_status.pr_reg[REG_RAX] = prs64->pr_reg.lxr_rax;
556 
557 	lwp->lwp_status.pr_reg[REG_RIP] = prs64->pr_reg.lxr_rip;
558 	lwp->lwp_status.pr_reg[REG_CS] = prs64->pr_reg.lxr_cs;
559 	lwp->lwp_status.pr_reg[REG_RSP] = prs64->pr_reg.lxr_rsp;
560 	lwp->lwp_status.pr_reg[REG_FS] = prs64->pr_reg.lxr_fs;
561 	lwp->lwp_status.pr_reg[REG_SS] = prs64->pr_reg.lxr_ss;
562 	lwp->lwp_status.pr_reg[REG_GS] = prs64->pr_reg.lxr_gs;
563 	lwp->lwp_status.pr_reg[REG_ES] = prs64->pr_reg.lxr_es;
564 	lwp->lwp_status.pr_reg[REG_DS] = prs64->pr_reg.lxr_ds;
565 
566 	lwp->lwp_status.pr_reg[REG_GSBASE] = prs64->pr_reg.lxr_gs_base;
567 	lwp->lwp_status.pr_reg[REG_FSBASE] = prs64->pr_reg.lxr_fs_base;
568 }
569 
570 static void
571 lx_prstatus32_to_lwp(lx_prstatus32_t *prs32, lwp_info_t *lwp)
572 {
573 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_utime, prs32->pr_utime);
574 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_stime, prs32->pr_stime);
575 
576 #ifdef __amd64
577 	lwp->lwp_status.pr_reg[REG_GS] = prs32->pr_reg.lxr_gs;
578 	lwp->lwp_status.pr_reg[REG_FS] = prs32->pr_reg.lxr_fs;
579 	lwp->lwp_status.pr_reg[REG_DS] = prs32->pr_reg.lxr_ds;
580 	lwp->lwp_status.pr_reg[REG_ES] = prs32->pr_reg.lxr_es;
581 	lwp->lwp_status.pr_reg[REG_RDI] = prs32->pr_reg.lxr_di;
582 	lwp->lwp_status.pr_reg[REG_RSI] = prs32->pr_reg.lxr_si;
583 	lwp->lwp_status.pr_reg[REG_RBP] = prs32->pr_reg.lxr_bp;
584 	lwp->lwp_status.pr_reg[REG_RBX] = prs32->pr_reg.lxr_bx;
585 	lwp->lwp_status.pr_reg[REG_RDX] = prs32->pr_reg.lxr_dx;
586 	lwp->lwp_status.pr_reg[REG_RCX] = prs32->pr_reg.lxr_cx;
587 	lwp->lwp_status.pr_reg[REG_RAX] = prs32->pr_reg.lxr_ax;
588 	lwp->lwp_status.pr_reg[REG_RIP] = prs32->pr_reg.lxr_ip;
589 	lwp->lwp_status.pr_reg[REG_CS] = prs32->pr_reg.lxr_cs;
590 	lwp->lwp_status.pr_reg[REG_RFL] = prs32->pr_reg.lxr_flags;
591 	lwp->lwp_status.pr_reg[REG_RSP] = prs32->pr_reg.lxr_sp;
592 	lwp->lwp_status.pr_reg[REG_SS] = prs32->pr_reg.lxr_ss;
593 #else /* __amd64 */
594 	lwp->lwp_status.pr_reg[EBX] = prs32->pr_reg.lxr_bx;
595 	lwp->lwp_status.pr_reg[ECX] = prs32->pr_reg.lxr_cx;
596 	lwp->lwp_status.pr_reg[EDX] = prs32->pr_reg.lxr_dx;
597 	lwp->lwp_status.pr_reg[ESI] = prs32->pr_reg.lxr_si;
598 	lwp->lwp_status.pr_reg[EDI] = prs32->pr_reg.lxr_di;
599 	lwp->lwp_status.pr_reg[EBP] = prs32->pr_reg.lxr_bp;
600 	lwp->lwp_status.pr_reg[EAX] = prs32->pr_reg.lxr_ax;
601 	lwp->lwp_status.pr_reg[EIP] = prs32->pr_reg.lxr_ip;
602 	lwp->lwp_status.pr_reg[UESP] = prs32->pr_reg.lxr_sp;
603 
604 	lwp->lwp_status.pr_reg[DS] = prs32->pr_reg.lxr_ds;
605 	lwp->lwp_status.pr_reg[ES] = prs32->pr_reg.lxr_es;
606 	lwp->lwp_status.pr_reg[FS] = prs32->pr_reg.lxr_fs;
607 	lwp->lwp_status.pr_reg[GS] = prs32->pr_reg.lxr_gs;
608 	lwp->lwp_status.pr_reg[CS] = prs32->pr_reg.lxr_cs;
609 	lwp->lwp_status.pr_reg[SS] = prs32->pr_reg.lxr_ss;
610 
611 	lwp->lwp_status.pr_reg[EFL] = prs32->pr_reg.lxr_flags;
612 #endif	/* !__amd64 */
613 }
614 
615 static int
616 note_linux_prstatus(struct ps_prochandle *P, size_t nbytes)
617 {
618 	core_info_t *core = P->data;
619 
620 	lx_prstatus64_t prs64;
621 	lx_prstatus32_t prs32;
622 	lwp_info_t *lwp;
623 	lwpid_t tid;
624 
625 	dprintf("looking for model %d, %ld/%ld\n", core->core_dmodel,
626 	    (ulong_t)nbytes, (ulong_t)sizeof (prs32));
627 	if (core->core_dmodel == PR_MODEL_ILP32) {
628 		if (nbytes < sizeof (prs32) ||
629 		    read(P->asfd, &prs32, sizeof (prs32)) != nbytes)
630 			goto err;
631 		tid = prs32.pr_pid;
632 	} else {
633 		if (nbytes < sizeof (prs64) ||
634 		    read(P->asfd, &prs64, sizeof (prs64)) != nbytes)
635 			goto err;
636 		tid = prs64.pr_pid;
637 	}
638 
639 	if ((lwp = lwpid2info(P, tid)) == NULL) {
640 		dprintf("Pgrab_core: failed to add lwpid2info "
641 		    "linux_prstatus\n");
642 		return (-1);
643 	}
644 
645 	P->psinfo.pr_nlwp++;
646 	P->status.pr_nlwp++;
647 
648 	lwp->lwp_status.pr_lwpid = tid;
649 
650 	if (core->core_dmodel == PR_MODEL_ILP32)
651 		lx_prstatus32_to_lwp(&prs32, lwp);
652 	else
653 		lx_prstatus64_to_lwp(&prs64, lwp);
654 
655 	return (0);
656 err:
657 	dprintf("Pgrab_core: failed to read NT_PRSTATUS\n");
658 	return (-1);
659 }
660 
661 #endif /* __x86 */
662 
663 static int
664 note_psinfo(struct ps_prochandle *P, size_t nbytes)
665 {
666 #ifdef _LP64
667 	core_info_t *core = P->data;
668 
669 	if (core->core_dmodel == PR_MODEL_ILP32) {
670 		psinfo32_t ps32;
671 
672 		if (nbytes < sizeof (psinfo32_t) ||
673 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
674 			goto err;
675 
676 		psinfo_32_to_n(&ps32, &P->psinfo);
677 	} else
678 #endif
679 	if (nbytes < sizeof (psinfo_t) ||
680 	    read(P->asfd, &P->psinfo, sizeof (psinfo_t)) != sizeof (psinfo_t))
681 		goto err;
682 
683 	dprintf("pr_fname = <%s>\n", P->psinfo.pr_fname);
684 	dprintf("pr_psargs = <%s>\n", P->psinfo.pr_psargs);
685 	dprintf("pr_wstat = 0x%x\n", P->psinfo.pr_wstat);
686 
687 	return (0);
688 
689 err:
690 	dprintf("Pgrab_core: failed to read NT_PSINFO\n");
691 	return (-1);
692 }
693 
694 static int
695 note_lwpsinfo(struct ps_prochandle *P, size_t nbytes)
696 {
697 	lwp_info_t *lwp;
698 	lwpsinfo_t lps;
699 
700 #ifdef _LP64
701 	core_info_t *core = P->data;
702 
703 	if (core->core_dmodel == PR_MODEL_ILP32) {
704 		lwpsinfo32_t l32;
705 
706 		if (nbytes < sizeof (lwpsinfo32_t) ||
707 		    read(P->asfd, &l32, sizeof (l32)) != sizeof (l32))
708 			goto err;
709 
710 		lwpsinfo_32_to_n(&l32, &lps);
711 	} else
712 #endif
713 	if (nbytes < sizeof (lwpsinfo_t) ||
714 	    read(P->asfd, &lps, sizeof (lps)) != sizeof (lps))
715 		goto err;
716 
717 	if ((lwp = lwpid2info(P, lps.pr_lwpid)) == NULL) {
718 		dprintf("Pgrab_core: failed to add NT_LWPSINFO\n");
719 		return (-1);
720 	}
721 
722 	(void) memcpy(&lwp->lwp_psinfo, &lps, sizeof (lps));
723 	return (0);
724 
725 err:
726 	dprintf("Pgrab_core: failed to read NT_LWPSINFO\n");
727 	return (-1);
728 }
729 
730 static int
731 note_lwpname(struct ps_prochandle *P, size_t nbytes)
732 {
733 	prlwpname_t name;
734 	lwp_info_t *lwp;
735 
736 	if (nbytes != sizeof (name) ||
737 	    read(P->asfd, &name, sizeof (name)) != sizeof (name))
738 		goto err;
739 
740 	if ((lwp = lwpid2info(P, name.pr_lwpid)) == NULL)
741 		goto err;
742 
743 	if (strlcpy(lwp->lwp_name, name.pr_lwpname,
744 	    sizeof (lwp->lwp_name)) >= sizeof (lwp->lwp_name)) {
745 		errno = ENAMETOOLONG;
746 		goto err;
747 	}
748 
749 	return (0);
750 
751 err:
752 	dprintf("Pgrab_core: failed to read NT_LWPNAME\n");
753 	return (-1);
754 }
755 
756 static int
757 note_fdinfo(struct ps_prochandle *P, size_t nbytes)
758 {
759 	prfdinfo_core_t prfd;
760 	fd_info_t *fip;
761 
762 	if ((nbytes < sizeof (prfd)) ||
763 	    (read(P->asfd, &prfd, sizeof (prfd)) != sizeof (prfd))) {
764 		dprintf("Pgrab_core: failed to read NT_FDINFO\n");
765 		return (-1);
766 	}
767 
768 	if ((fip = Pfd2info(P, prfd.pr_fd)) == NULL) {
769 		dprintf("Pgrab_core: failed to add NT_FDINFO\n");
770 		return (-1);
771 	}
772 	if (fip->fd_info == NULL) {
773 		if (proc_fdinfo_from_core(&prfd, &fip->fd_info) != 0) {
774 			dprintf("Pgrab_core: failed to convert NT_FDINFO\n");
775 			return (-1);
776 		}
777 	}
778 
779 	return (0);
780 }
781 
782 static int
783 note_platform(struct ps_prochandle *P, size_t nbytes)
784 {
785 	core_info_t *core = P->data;
786 	char *plat;
787 
788 	if (core->core_platform != NULL)
789 		return (0);	/* Already seen */
790 
791 	if (nbytes != 0 && ((plat = malloc(nbytes + 1)) != NULL)) {
792 		if (read(P->asfd, plat, nbytes) != nbytes) {
793 			dprintf("Pgrab_core: failed to read NT_PLATFORM\n");
794 			free(plat);
795 			return (-1);
796 		}
797 		plat[nbytes - 1] = '\0';
798 		core->core_platform = plat;
799 	}
800 
801 	return (0);
802 }
803 
804 static int
805 note_secflags(struct ps_prochandle *P, size_t nbytes)
806 {
807 	core_info_t *core = P->data;
808 	prsecflags_t *psf;
809 
810 	if (core->core_secflags != NULL)
811 		return (0);	/* Already seen */
812 
813 	if (sizeof (*psf) != nbytes) {
814 		dprintf("Pgrab_core: NT_SECFLAGS changed size."
815 		    "  Need to handle a version change?\n");
816 		return (-1);
817 	}
818 
819 	if (nbytes != 0 && ((psf = malloc(nbytes)) != NULL)) {
820 		if (read(P->asfd, psf, nbytes) != nbytes) {
821 			dprintf("Pgrab_core: failed to read NT_SECFLAGS\n");
822 			free(psf);
823 			return (-1);
824 		}
825 
826 		core->core_secflags = psf;
827 	}
828 
829 	return (0);
830 }
831 
832 static int
833 note_utsname(struct ps_prochandle *P, size_t nbytes)
834 {
835 	core_info_t *core = P->data;
836 	size_t ubytes = sizeof (struct utsname);
837 	struct utsname *utsp;
838 
839 	if (core->core_uts != NULL || nbytes < ubytes)
840 		return (0);	/* Already seen or bad size */
841 
842 	if ((utsp = malloc(ubytes)) == NULL)
843 		return (-1);
844 
845 	if (read(P->asfd, utsp, ubytes) != ubytes) {
846 		dprintf("Pgrab_core: failed to read NT_UTSNAME\n");
847 		free(utsp);
848 		return (-1);
849 	}
850 
851 	if (_libproc_debug) {
852 		dprintf("uts.sysname = \"%s\"\n", utsp->sysname);
853 		dprintf("uts.nodename = \"%s\"\n", utsp->nodename);
854 		dprintf("uts.release = \"%s\"\n", utsp->release);
855 		dprintf("uts.version = \"%s\"\n", utsp->version);
856 		dprintf("uts.machine = \"%s\"\n", utsp->machine);
857 	}
858 
859 	core->core_uts = utsp;
860 	return (0);
861 }
862 
863 static int
864 note_content(struct ps_prochandle *P, size_t nbytes)
865 {
866 	core_info_t *core = P->data;
867 	core_content_t content;
868 
869 	if (sizeof (core->core_content) != nbytes)
870 		return (-1);
871 
872 	if (read(P->asfd, &content, sizeof (content)) != sizeof (content))
873 		return (-1);
874 
875 	core->core_content = content;
876 
877 	dprintf("core content = %llx\n", content);
878 
879 	return (0);
880 }
881 
882 static int
883 note_cred(struct ps_prochandle *P, size_t nbytes)
884 {
885 	core_info_t *core = P->data;
886 	prcred_t *pcrp;
887 	int ngroups;
888 	const size_t min_size = sizeof (prcred_t) - sizeof (gid_t);
889 
890 	/*
891 	 * We allow for prcred_t notes that are actually smaller than a
892 	 * prcred_t since the last member isn't essential if there are
893 	 * no group memberships. This allows for more flexibility when it
894 	 * comes to slightly malformed -- but still valid -- notes.
895 	 */
896 	if (core->core_cred != NULL || nbytes < min_size)
897 		return (0);	/* Already seen or bad size */
898 
899 	ngroups = (nbytes - min_size) / sizeof (gid_t);
900 	nbytes = sizeof (prcred_t) + (ngroups - 1) * sizeof (gid_t);
901 
902 	if ((pcrp = malloc(nbytes)) == NULL)
903 		return (-1);
904 
905 	if (read(P->asfd, pcrp, nbytes) != nbytes) {
906 		dprintf("Pgrab_core: failed to read NT_PRCRED\n");
907 		free(pcrp);
908 		return (-1);
909 	}
910 
911 	if (pcrp->pr_ngroups > ngroups) {
912 		dprintf("pr_ngroups = %d; resetting to %d based on note size\n",
913 		    pcrp->pr_ngroups, ngroups);
914 		pcrp->pr_ngroups = ngroups;
915 	}
916 
917 	core->core_cred = pcrp;
918 	return (0);
919 }
920 
921 #ifdef __x86
922 static int
923 note_ldt(struct ps_prochandle *P, size_t nbytes)
924 {
925 	core_info_t *core = P->data;
926 	struct ssd *pldt;
927 	uint_t nldt;
928 
929 	if (core->core_ldt != NULL || nbytes < sizeof (struct ssd))
930 		return (0);	/* Already seen or bad size */
931 
932 	nldt = nbytes / sizeof (struct ssd);
933 	nbytes = nldt * sizeof (struct ssd);
934 
935 	if ((pldt = malloc(nbytes)) == NULL)
936 		return (-1);
937 
938 	if (read(P->asfd, pldt, nbytes) != nbytes) {
939 		dprintf("Pgrab_core: failed to read NT_LDT\n");
940 		free(pldt);
941 		return (-1);
942 	}
943 
944 	core->core_ldt = pldt;
945 	core->core_nldt = nldt;
946 	return (0);
947 }
948 #endif	/* __i386 */
949 
950 static int
951 note_priv(struct ps_prochandle *P, size_t nbytes)
952 {
953 	core_info_t *core = P->data;
954 	prpriv_t *pprvp;
955 
956 	if (core->core_priv != NULL || nbytes < sizeof (prpriv_t))
957 		return (0);	/* Already seen or bad size */
958 
959 	if ((pprvp = malloc(nbytes)) == NULL)
960 		return (-1);
961 
962 	if (read(P->asfd, pprvp, nbytes) != nbytes) {
963 		dprintf("Pgrab_core: failed to read NT_PRPRIV\n");
964 		free(pprvp);
965 		return (-1);
966 	}
967 
968 	core->core_priv = pprvp;
969 	core->core_priv_size = nbytes;
970 	return (0);
971 }
972 
973 static int
974 note_priv_info(struct ps_prochandle *P, size_t nbytes)
975 {
976 	core_info_t *core = P->data;
977 	extern void *__priv_parse_info();
978 	priv_impl_info_t *ppii;
979 
980 	if (core->core_privinfo != NULL ||
981 	    nbytes < sizeof (priv_impl_info_t))
982 		return (0);	/* Already seen or bad size */
983 
984 	if ((ppii = malloc(nbytes)) == NULL)
985 		return (-1);
986 
987 	if (read(P->asfd, ppii, nbytes) != nbytes ||
988 	    PRIV_IMPL_INFO_SIZE(ppii) != nbytes) {
989 		dprintf("Pgrab_core: failed to read NT_PRPRIVINFO\n");
990 		free(ppii);
991 		return (-1);
992 	}
993 
994 	core->core_privinfo = __priv_parse_info(ppii);
995 	core->core_ppii = ppii;
996 	return (0);
997 }
998 
999 static int
1000 note_zonename(struct ps_prochandle *P, size_t nbytes)
1001 {
1002 	core_info_t *core = P->data;
1003 	char *zonename;
1004 
1005 	if (core->core_zonename != NULL)
1006 		return (0);	/* Already seen */
1007 
1008 	if (nbytes != 0) {
1009 		if ((zonename = malloc(nbytes)) == NULL)
1010 			return (-1);
1011 		if (read(P->asfd, zonename, nbytes) != nbytes) {
1012 			dprintf("Pgrab_core: failed to read NT_ZONENAME\n");
1013 			free(zonename);
1014 			return (-1);
1015 		}
1016 		zonename[nbytes - 1] = '\0';
1017 		core->core_zonename = zonename;
1018 	}
1019 
1020 	return (0);
1021 }
1022 
1023 static int
1024 note_auxv(struct ps_prochandle *P, size_t nbytes)
1025 {
1026 	size_t n, i;
1027 
1028 #ifdef _LP64
1029 	core_info_t *core = P->data;
1030 
1031 	if (core->core_dmodel == PR_MODEL_ILP32) {
1032 		auxv32_t *a32;
1033 
1034 		n = nbytes / sizeof (auxv32_t);
1035 		nbytes = n * sizeof (auxv32_t);
1036 		a32 = alloca(nbytes);
1037 
1038 		if (read(P->asfd, a32, nbytes) != nbytes) {
1039 			dprintf("Pgrab_core: failed to read NT_AUXV\n");
1040 			return (-1);
1041 		}
1042 
1043 		if ((P->auxv = malloc(sizeof (auxv_t) * (n + 1))) == NULL)
1044 			return (-1);
1045 
1046 		for (i = 0; i < n; i++)
1047 			auxv_32_to_n(&a32[i], &P->auxv[i]);
1048 
1049 	} else {
1050 #endif
1051 		n = nbytes / sizeof (auxv_t);
1052 		nbytes = n * sizeof (auxv_t);
1053 
1054 		if ((P->auxv = malloc(nbytes + sizeof (auxv_t))) == NULL)
1055 			return (-1);
1056 
1057 		if (read(P->asfd, P->auxv, nbytes) != nbytes) {
1058 			free(P->auxv);
1059 			P->auxv = NULL;
1060 			return (-1);
1061 		}
1062 #ifdef _LP64
1063 	}
1064 #endif
1065 
1066 	if (_libproc_debug) {
1067 		for (i = 0; i < n; i++) {
1068 			dprintf("P->auxv[%lu] = ( %d, 0x%lx )\n", (ulong_t)i,
1069 			    P->auxv[i].a_type, P->auxv[i].a_un.a_val);
1070 		}
1071 	}
1072 
1073 	/*
1074 	 * Defensive coding for loops which depend upon the auxv array being
1075 	 * terminated by an AT_NULL element; in each case, we've allocated
1076 	 * P->auxv to have an additional element which we force to be AT_NULL.
1077 	 */
1078 	P->auxv[n].a_type = AT_NULL;
1079 	P->auxv[n].a_un.a_val = 0L;
1080 	P->nauxv = (int)n;
1081 
1082 	return (0);
1083 }
1084 
1085 #ifdef __sparc
1086 static int
1087 note_xreg(struct ps_prochandle *P, size_t nbytes)
1088 {
1089 	core_info_t *core = P->data;
1090 	lwp_info_t *lwp = core->core_lwp;
1091 	size_t xbytes = sizeof (prxregset_t);
1092 	prxregset_t *xregs;
1093 
1094 	if (lwp == NULL || lwp->lwp_xregs != NULL || nbytes < xbytes)
1095 		return (0);	/* No lwp yet, already seen, or bad size */
1096 
1097 	if ((xregs = malloc(xbytes)) == NULL)
1098 		return (-1);
1099 
1100 	if (read(P->asfd, xregs, xbytes) != xbytes) {
1101 		dprintf("Pgrab_core: failed to read NT_PRXREG\n");
1102 		free(xregs);
1103 		return (-1);
1104 	}
1105 
1106 	lwp->lwp_xregs = xregs;
1107 	return (0);
1108 }
1109 
1110 static int
1111 note_gwindows(struct ps_prochandle *P, size_t nbytes)
1112 {
1113 	core_info_t *core = P->data;
1114 	lwp_info_t *lwp = core->core_lwp;
1115 
1116 	if (lwp == NULL || lwp->lwp_gwins != NULL || nbytes == 0)
1117 		return (0);	/* No lwp yet or already seen or no data */
1118 
1119 	if ((lwp->lwp_gwins = malloc(sizeof (gwindows_t))) == NULL)
1120 		return (-1);
1121 
1122 	/*
1123 	 * Since the amount of gwindows data varies with how many windows were
1124 	 * actually saved, we just read up to the minimum of the note size
1125 	 * and the size of the gwindows_t type.  It doesn't matter if the read
1126 	 * fails since we have to zero out gwindows first anyway.
1127 	 */
1128 #ifdef _LP64
1129 	if (core->core_dmodel == PR_MODEL_ILP32) {
1130 		gwindows32_t g32;
1131 
1132 		(void) memset(&g32, 0, sizeof (g32));
1133 		(void) read(P->asfd, &g32, MIN(nbytes, sizeof (g32)));
1134 		gwindows_32_to_n(&g32, lwp->lwp_gwins);
1135 
1136 	} else {
1137 #endif
1138 		(void) memset(lwp->lwp_gwins, 0, sizeof (gwindows_t));
1139 		(void) read(P->asfd, lwp->lwp_gwins,
1140 		    MIN(nbytes, sizeof (gwindows_t)));
1141 #ifdef _LP64
1142 	}
1143 #endif
1144 	return (0);
1145 }
1146 
1147 #ifdef __sparcv9
1148 static int
1149 note_asrs(struct ps_prochandle *P, size_t nbytes)
1150 {
1151 	core_info_t *core = P->data;
1152 	lwp_info_t *lwp = core->core_lwp;
1153 	int64_t *asrs;
1154 
1155 	if (lwp == NULL || lwp->lwp_asrs != NULL || nbytes < sizeof (asrset_t))
1156 		return (0);	/* No lwp yet, already seen, or bad size */
1157 
1158 	if ((asrs = malloc(sizeof (asrset_t))) == NULL)
1159 		return (-1);
1160 
1161 	if (read(P->asfd, asrs, sizeof (asrset_t)) != sizeof (asrset_t)) {
1162 		dprintf("Pgrab_core: failed to read NT_ASRS\n");
1163 		free(asrs);
1164 		return (-1);
1165 	}
1166 
1167 	lwp->lwp_asrs = asrs;
1168 	return (0);
1169 }
1170 #endif	/* __sparcv9 */
1171 #endif	/* __sparc */
1172 
1173 static int
1174 note_spymaster(struct ps_prochandle *P, size_t nbytes)
1175 {
1176 #ifdef _LP64
1177 	core_info_t *core = P->data;
1178 
1179 	if (core->core_dmodel == PR_MODEL_ILP32) {
1180 		psinfo32_t ps32;
1181 
1182 		if (nbytes < sizeof (psinfo32_t) ||
1183 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
1184 			goto err;
1185 
1186 		psinfo_32_to_n(&ps32, &P->spymaster);
1187 	} else
1188 #endif
1189 	if (nbytes < sizeof (psinfo_t) || read(P->asfd,
1190 	    &P->spymaster, sizeof (psinfo_t)) != sizeof (psinfo_t))
1191 		goto err;
1192 
1193 	dprintf("spymaster pr_fname = <%s>\n", P->psinfo.pr_fname);
1194 	dprintf("spymaster pr_psargs = <%s>\n", P->psinfo.pr_psargs);
1195 	dprintf("spymaster pr_wstat = 0x%x\n", P->psinfo.pr_wstat);
1196 
1197 	return (0);
1198 
1199 err:
1200 	dprintf("Pgrab_core: failed to read NT_SPYMASTER\n");
1201 	return (-1);
1202 }
1203 
1204 /*ARGSUSED*/
1205 static int
1206 note_notsup(struct ps_prochandle *P, size_t nbytes)
1207 {
1208 	dprintf("skipping unsupported note type of size %ld bytes\n",
1209 	    (ulong_t)nbytes);
1210 	return (0);
1211 }
1212 
1213 /*
1214  * Populate a table of function pointers indexed by Note type with our
1215  * functions to process each type of core file note:
1216  */
1217 static int (*nhdlrs[])(struct ps_prochandle *, size_t) = {
1218 	note_notsup,		/*  0	unassigned		*/
1219 #ifdef __x86
1220 	note_linux_prstatus,		/*  1	NT_PRSTATUS (old)	*/
1221 #else
1222 	note_notsup,		/*  1	NT_PRSTATUS (old)	*/
1223 #endif
1224 	note_notsup,		/*  2	NT_PRFPREG (old)	*/
1225 #ifdef __x86
1226 	note_linux_psinfo,		/*  3	NT_PRPSINFO (old)	*/
1227 #else
1228 	note_notsup,		/*  3	NT_PRPSINFO (old)	*/
1229 #endif
1230 #ifdef __sparc
1231 	note_xreg,		/*  4	NT_PRXREG		*/
1232 #else
1233 	note_notsup,		/*  4	NT_PRXREG		*/
1234 #endif
1235 	note_platform,		/*  5	NT_PLATFORM		*/
1236 	note_auxv,		/*  6	NT_AUXV			*/
1237 #ifdef __sparc
1238 	note_gwindows,		/*  7	NT_GWINDOWS		*/
1239 #ifdef __sparcv9
1240 	note_asrs,		/*  8	NT_ASRS			*/
1241 #else
1242 	note_notsup,		/*  8	NT_ASRS			*/
1243 #endif
1244 #else
1245 	note_notsup,		/*  7	NT_GWINDOWS		*/
1246 	note_notsup,		/*  8	NT_ASRS			*/
1247 #endif
1248 #ifdef __x86
1249 	note_ldt,		/*  9	NT_LDT			*/
1250 #else
1251 	note_notsup,		/*  9	NT_LDT			*/
1252 #endif
1253 	note_pstatus,		/* 10	NT_PSTATUS		*/
1254 	note_notsup,		/* 11	unassigned		*/
1255 	note_notsup,		/* 12	unassigned		*/
1256 	note_psinfo,		/* 13	NT_PSINFO		*/
1257 	note_cred,		/* 14	NT_PRCRED		*/
1258 	note_utsname,		/* 15	NT_UTSNAME		*/
1259 	note_lwpstatus,		/* 16	NT_LWPSTATUS		*/
1260 	note_lwpsinfo,		/* 17	NT_LWPSINFO		*/
1261 	note_priv,		/* 18	NT_PRPRIV		*/
1262 	note_priv_info,		/* 19	NT_PRPRIVINFO		*/
1263 	note_content,		/* 20	NT_CONTENT		*/
1264 	note_zonename,		/* 21	NT_ZONENAME		*/
1265 	note_fdinfo,		/* 22	NT_FDINFO		*/
1266 	note_spymaster,		/* 23	NT_SPYMASTER		*/
1267 	note_secflags,		/* 24	NT_SECFLAGS		*/
1268 	note_lwpname,		/* 25	NT_LWPNAME		*/
1269 };
1270 
1271 static void
1272 core_report_mapping(struct ps_prochandle *P, GElf_Phdr *php)
1273 {
1274 	prkillinfo_t killinfo;
1275 	siginfo_t *si = &killinfo.prk_info;
1276 	char signame[SIG2STR_MAX], sig[64], info[64];
1277 	void *addr = (void *)(uintptr_t)php->p_vaddr;
1278 
1279 	const char *errfmt = "core file data for mapping at %p not saved: %s\n";
1280 	const char *incfmt = "core file incomplete due to %s%s\n";
1281 	const char *msgfmt = "mappings at and above %p are missing\n";
1282 
1283 	if (!(php->p_flags & PF_SUNW_KILLED)) {
1284 		int err = 0;
1285 
1286 		(void) pread64(P->asfd, &err,
1287 		    sizeof (err), (off64_t)php->p_offset);
1288 
1289 		Perror_printf(P, errfmt, addr, strerror(err));
1290 		dprintf(errfmt, addr, strerror(err));
1291 		return;
1292 	}
1293 
1294 	if (!(php->p_flags & PF_SUNW_SIGINFO))
1295 		return;
1296 
1297 	(void) memset(&killinfo, 0, sizeof (killinfo));
1298 
1299 	(void) pread64(P->asfd, &killinfo,
1300 	    sizeof (killinfo), (off64_t)php->p_offset);
1301 
1302 	/*
1303 	 * While there is (or at least should be) only one segment that has
1304 	 * PF_SUNW_SIGINFO set, the signal information there is globally
1305 	 * useful (even if only to those debugging libproc consumers); we hang
1306 	 * the signal information gleaned here off of the ps_prochandle.
1307 	 */
1308 	P->map_missing = php->p_vaddr;
1309 	P->killinfo = killinfo.prk_info;
1310 
1311 	if (sig2str(si->si_signo, signame) == -1) {
1312 		(void) snprintf(sig, sizeof (sig),
1313 		    "<Unknown signal: 0x%x>, ", si->si_signo);
1314 	} else {
1315 		(void) snprintf(sig, sizeof (sig), "SIG%s, ", signame);
1316 	}
1317 
1318 	if (si->si_code == SI_USER || si->si_code == SI_QUEUE) {
1319 		(void) snprintf(info, sizeof (info),
1320 		    "pid=%d uid=%d zone=%d ctid=%d",
1321 		    si->si_pid, si->si_uid, si->si_zoneid, si->si_ctid);
1322 	} else {
1323 		(void) snprintf(info, sizeof (info),
1324 		    "code=%d", si->si_code);
1325 	}
1326 
1327 	Perror_printf(P, incfmt, sig, info);
1328 	Perror_printf(P, msgfmt, addr);
1329 
1330 	dprintf(incfmt, sig, info);
1331 	dprintf(msgfmt, addr);
1332 }
1333 
1334 /*
1335  * Add information on the address space mapping described by the given
1336  * PT_LOAD program header.  We fill in more information on the mapping later.
1337  */
1338 static int
1339 core_add_mapping(struct ps_prochandle *P, GElf_Phdr *php)
1340 {
1341 	core_info_t *core = P->data;
1342 	prmap_t pmap;
1343 
1344 	dprintf("mapping base %llx filesz %llx memsz %llx offset %llx\n",
1345 	    (u_longlong_t)php->p_vaddr, (u_longlong_t)php->p_filesz,
1346 	    (u_longlong_t)php->p_memsz, (u_longlong_t)php->p_offset);
1347 
1348 	pmap.pr_vaddr = (uintptr_t)php->p_vaddr;
1349 	pmap.pr_size = php->p_memsz;
1350 
1351 	/*
1352 	 * If Pgcore() or elfcore() fail to write a mapping, they will set
1353 	 * PF_SUNW_FAILURE in the Phdr and try to stash away the errno for us.
1354 	 */
1355 	if (php->p_flags & PF_SUNW_FAILURE) {
1356 		core_report_mapping(P, php);
1357 	} else if (php->p_filesz != 0 && php->p_offset >= core->core_size) {
1358 		Perror_printf(P, "core file may be corrupt -- data for mapping "
1359 		    "at %p is missing\n", (void *)(uintptr_t)php->p_vaddr);
1360 		dprintf("core file may be corrupt -- data for mapping "
1361 		    "at %p is missing\n", (void *)(uintptr_t)php->p_vaddr);
1362 	}
1363 
1364 	/*
1365 	 * The mapping name and offset will hopefully be filled in
1366 	 * by the librtld_db agent.  Unfortunately, if it isn't a
1367 	 * shared library mapping, this information is gone forever.
1368 	 */
1369 	pmap.pr_mapname[0] = '\0';
1370 	pmap.pr_offset = 0;
1371 
1372 	pmap.pr_mflags = 0;
1373 	if (php->p_flags & PF_R)
1374 		pmap.pr_mflags |= MA_READ;
1375 	if (php->p_flags & PF_W)
1376 		pmap.pr_mflags |= MA_WRITE;
1377 	if (php->p_flags & PF_X)
1378 		pmap.pr_mflags |= MA_EXEC;
1379 
1380 	if (php->p_filesz == 0)
1381 		pmap.pr_mflags |= MA_RESERVED1;
1382 
1383 	/*
1384 	 * At the time of adding this mapping, we just zero the pagesize.
1385 	 * Once we've processed more of the core file, we'll have the
1386 	 * pagesize from the auxv's AT_PAGESZ element and we can fill this in.
1387 	 */
1388 	pmap.pr_pagesize = 0;
1389 
1390 	/*
1391 	 * Unfortunately whether or not the mapping was a System V
1392 	 * shared memory segment is lost.  We use -1 to mark it as not shm.
1393 	 */
1394 	pmap.pr_shmid = -1;
1395 
1396 	return (Padd_mapping(P, php->p_offset, NULL, &pmap));
1397 }
1398 
1399 /*
1400  * Given a virtual address, name the mapping at that address using the
1401  * specified name, and return the map_info_t pointer.
1402  */
1403 static map_info_t *
1404 core_name_mapping(struct ps_prochandle *P, uintptr_t addr, const char *name)
1405 {
1406 	map_info_t *mp = Paddr2mptr(P, addr);
1407 
1408 	if (mp != NULL) {
1409 		(void) strncpy(mp->map_pmap.pr_mapname, name, PRMAPSZ);
1410 		mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
1411 	}
1412 
1413 	return (mp);
1414 }
1415 
1416 /*
1417  * libproc uses libelf for all of its symbol table manipulation. This function
1418  * takes a symbol table and string table from a core file and places them
1419  * in a memory backed elf file.
1420  */
1421 static void
1422 fake_up_symtab(struct ps_prochandle *P, const elf_file_header_t *ehdr,
1423     GElf_Shdr *symtab, GElf_Shdr *strtab)
1424 {
1425 	size_t size;
1426 	off64_t off, base;
1427 	map_info_t *mp;
1428 	file_info_t *fp;
1429 	Elf_Scn *scn;
1430 	Elf_Data *data;
1431 
1432 	if (symtab->sh_addr == 0 ||
1433 	    (mp = Paddr2mptr(P, symtab->sh_addr)) == NULL ||
1434 	    (fp = mp->map_file) == NULL) {
1435 		dprintf("fake_up_symtab: invalid section\n");
1436 		return;
1437 	}
1438 
1439 	if (fp->file_symtab.sym_data_pri != NULL) {
1440 		dprintf("Symbol table already loaded (sh_addr 0x%lx)\n",
1441 		    (long)symtab->sh_addr);
1442 		return;
1443 	}
1444 
1445 	if (P->status.pr_dmodel == PR_MODEL_ILP32) {
1446 		struct {
1447 			Elf32_Ehdr ehdr;
1448 			Elf32_Shdr shdr[3];
1449 			char data[1];
1450 		} *b;
1451 
1452 		base = sizeof (b->ehdr) + sizeof (b->shdr);
1453 		size = base + symtab->sh_size + strtab->sh_size;
1454 
1455 		if ((b = calloc(1, size)) == NULL)
1456 			return;
1457 
1458 		(void) memcpy(b->ehdr.e_ident, ehdr->e_ident,
1459 		    sizeof (ehdr->e_ident));
1460 		b->ehdr.e_type = ehdr->e_type;
1461 		b->ehdr.e_machine = ehdr->e_machine;
1462 		b->ehdr.e_version = ehdr->e_version;
1463 		b->ehdr.e_flags = ehdr->e_flags;
1464 		b->ehdr.e_ehsize = sizeof (b->ehdr);
1465 		b->ehdr.e_shoff = sizeof (b->ehdr);
1466 		b->ehdr.e_shentsize = sizeof (b->shdr[0]);
1467 		b->ehdr.e_shnum = 3;
1468 		off = 0;
1469 
1470 		b->shdr[1].sh_size = symtab->sh_size;
1471 		b->shdr[1].sh_type = SHT_SYMTAB;
1472 		b->shdr[1].sh_offset = off + base;
1473 		b->shdr[1].sh_entsize = sizeof (Elf32_Sym);
1474 		b->shdr[1].sh_link = 2;
1475 		b->shdr[1].sh_info =  symtab->sh_info;
1476 		b->shdr[1].sh_addralign = symtab->sh_addralign;
1477 
1478 		if (pread64(P->asfd, &b->data[off], b->shdr[1].sh_size,
1479 		    symtab->sh_offset) != b->shdr[1].sh_size) {
1480 			dprintf("fake_up_symtab: pread of symtab[1] failed\n");
1481 			free(b);
1482 			return;
1483 		}
1484 
1485 		off += b->shdr[1].sh_size;
1486 
1487 		b->shdr[2].sh_flags = SHF_STRINGS;
1488 		b->shdr[2].sh_size = strtab->sh_size;
1489 		b->shdr[2].sh_type = SHT_STRTAB;
1490 		b->shdr[2].sh_offset = off + base;
1491 		b->shdr[2].sh_info =  strtab->sh_info;
1492 		b->shdr[2].sh_addralign = 1;
1493 
1494 		if (pread64(P->asfd, &b->data[off], b->shdr[2].sh_size,
1495 		    strtab->sh_offset) != b->shdr[2].sh_size) {
1496 			dprintf("fake_up_symtab: pread of symtab[2] failed\n");
1497 			free(b);
1498 			return;
1499 		}
1500 
1501 		off += b->shdr[2].sh_size;
1502 
1503 		fp->file_symtab.sym_elf = elf_memory((char *)b, size);
1504 		if (fp->file_symtab.sym_elf == NULL) {
1505 			free(b);
1506 			return;
1507 		}
1508 
1509 		fp->file_symtab.sym_elfmem = b;
1510 #ifdef _LP64
1511 	} else {
1512 		struct {
1513 			Elf64_Ehdr ehdr;
1514 			Elf64_Shdr shdr[3];
1515 			char data[1];
1516 		} *b;
1517 
1518 		base = sizeof (b->ehdr) + sizeof (b->shdr);
1519 		size = base + symtab->sh_size + strtab->sh_size;
1520 
1521 		if ((b = calloc(1, size)) == NULL)
1522 			return;
1523 
1524 		(void) memcpy(b->ehdr.e_ident, ehdr->e_ident,
1525 		    sizeof (ehdr->e_ident));
1526 		b->ehdr.e_type = ehdr->e_type;
1527 		b->ehdr.e_machine = ehdr->e_machine;
1528 		b->ehdr.e_version = ehdr->e_version;
1529 		b->ehdr.e_flags = ehdr->e_flags;
1530 		b->ehdr.e_ehsize = sizeof (b->ehdr);
1531 		b->ehdr.e_shoff = sizeof (b->ehdr);
1532 		b->ehdr.e_shentsize = sizeof (b->shdr[0]);
1533 		b->ehdr.e_shnum = 3;
1534 		off = 0;
1535 
1536 		b->shdr[1].sh_size = symtab->sh_size;
1537 		b->shdr[1].sh_type = SHT_SYMTAB;
1538 		b->shdr[1].sh_offset = off + base;
1539 		b->shdr[1].sh_entsize = sizeof (Elf64_Sym);
1540 		b->shdr[1].sh_link = 2;
1541 		b->shdr[1].sh_info =  symtab->sh_info;
1542 		b->shdr[1].sh_addralign = symtab->sh_addralign;
1543 
1544 		if (pread64(P->asfd, &b->data[off], b->shdr[1].sh_size,
1545 		    symtab->sh_offset) != b->shdr[1].sh_size) {
1546 			free(b);
1547 			return;
1548 		}
1549 
1550 		off += b->shdr[1].sh_size;
1551 
1552 		b->shdr[2].sh_flags = SHF_STRINGS;
1553 		b->shdr[2].sh_size = strtab->sh_size;
1554 		b->shdr[2].sh_type = SHT_STRTAB;
1555 		b->shdr[2].sh_offset = off + base;
1556 		b->shdr[2].sh_info =  strtab->sh_info;
1557 		b->shdr[2].sh_addralign = 1;
1558 
1559 		if (pread64(P->asfd, &b->data[off], b->shdr[2].sh_size,
1560 		    strtab->sh_offset) != b->shdr[2].sh_size) {
1561 			free(b);
1562 			return;
1563 		}
1564 
1565 		off += b->shdr[2].sh_size;
1566 
1567 		fp->file_symtab.sym_elf = elf_memory((char *)b, size);
1568 		if (fp->file_symtab.sym_elf == NULL) {
1569 			free(b);
1570 			return;
1571 		}
1572 
1573 		fp->file_symtab.sym_elfmem = b;
1574 #endif
1575 	}
1576 
1577 	if ((scn = elf_getscn(fp->file_symtab.sym_elf, 1)) == NULL ||
1578 	    (fp->file_symtab.sym_data_pri = elf_getdata(scn, NULL)) == NULL ||
1579 	    (scn = elf_getscn(fp->file_symtab.sym_elf, 2)) == NULL ||
1580 	    (data = elf_getdata(scn, NULL)) == NULL) {
1581 		dprintf("fake_up_symtab: failed to get section data at %p\n",
1582 		    (void *)scn);
1583 		goto err;
1584 	}
1585 
1586 	fp->file_symtab.sym_strs = data->d_buf;
1587 	fp->file_symtab.sym_strsz = data->d_size;
1588 	fp->file_symtab.sym_symn = symtab->sh_size / symtab->sh_entsize;
1589 	fp->file_symtab.sym_hdr_pri = *symtab;
1590 	fp->file_symtab.sym_strhdr = *strtab;
1591 
1592 	optimize_symtab(&fp->file_symtab);
1593 
1594 	return;
1595 err:
1596 	(void) elf_end(fp->file_symtab.sym_elf);
1597 	free(fp->file_symtab.sym_elfmem);
1598 	fp->file_symtab.sym_elf = NULL;
1599 	fp->file_symtab.sym_elfmem = NULL;
1600 }
1601 
1602 static void
1603 core_phdr_to_gelf(const Elf32_Phdr *src, GElf_Phdr *dst)
1604 {
1605 	dst->p_type = src->p_type;
1606 	dst->p_flags = src->p_flags;
1607 	dst->p_offset = (Elf64_Off)src->p_offset;
1608 	dst->p_vaddr = (Elf64_Addr)src->p_vaddr;
1609 	dst->p_paddr = (Elf64_Addr)src->p_paddr;
1610 	dst->p_filesz = (Elf64_Xword)src->p_filesz;
1611 	dst->p_memsz = (Elf64_Xword)src->p_memsz;
1612 	dst->p_align = (Elf64_Xword)src->p_align;
1613 }
1614 
1615 static void
1616 core_shdr_to_gelf(const Elf32_Shdr *src, GElf_Shdr *dst)
1617 {
1618 	dst->sh_name = src->sh_name;
1619 	dst->sh_type = src->sh_type;
1620 	dst->sh_flags = (Elf64_Xword)src->sh_flags;
1621 	dst->sh_addr = (Elf64_Addr)src->sh_addr;
1622 	dst->sh_offset = (Elf64_Off)src->sh_offset;
1623 	dst->sh_size = (Elf64_Xword)src->sh_size;
1624 	dst->sh_link = src->sh_link;
1625 	dst->sh_info = src->sh_info;
1626 	dst->sh_addralign = (Elf64_Xword)src->sh_addralign;
1627 	dst->sh_entsize = (Elf64_Xword)src->sh_entsize;
1628 }
1629 
1630 /*
1631  * Perform elf_begin on efp->e_fd and verify the ELF file's type and class.
1632  */
1633 static int
1634 core_elf_fdopen(elf_file_t *efp, GElf_Half type, int *perr)
1635 {
1636 #ifdef _BIG_ENDIAN
1637 	uchar_t order = ELFDATA2MSB;
1638 #else
1639 	uchar_t order = ELFDATA2LSB;
1640 #endif
1641 	Elf32_Ehdr e32;
1642 	int is_noelf = -1;
1643 	int isa_err = 0;
1644 
1645 	/*
1646 	 * Because 32-bit libelf cannot deal with large files, we need to read,
1647 	 * check, and convert the file header manually in case type == ET_CORE.
1648 	 */
1649 	if (pread64(efp->e_fd, &e32, sizeof (e32), 0) != sizeof (e32)) {
1650 		if (perr != NULL)
1651 			*perr = G_FORMAT;
1652 		goto err;
1653 	}
1654 	if ((is_noelf = memcmp(&e32.e_ident[EI_MAG0], ELFMAG, SELFMAG)) != 0 ||
1655 	    e32.e_type != type || (isa_err = (e32.e_ident[EI_DATA] != order)) ||
1656 	    e32.e_version != EV_CURRENT) {
1657 		if (perr != NULL) {
1658 			if (is_noelf == 0 && isa_err) {
1659 				*perr = G_ISAINVAL;
1660 			} else {
1661 				*perr = G_FORMAT;
1662 			}
1663 		}
1664 		goto err;
1665 	}
1666 
1667 	/*
1668 	 * If the file is 64-bit and we are 32-bit, fail with G_LP64.  If the
1669 	 * file is 64-bit and we are 64-bit, re-read the header as a Elf64_Ehdr,
1670 	 * and convert it to a elf_file_header_t.  Otherwise, the file is
1671 	 * 32-bit, so convert e32 to a elf_file_header_t.
1672 	 */
1673 	if (e32.e_ident[EI_CLASS] == ELFCLASS64) {
1674 #ifdef _LP64
1675 		Elf64_Ehdr e64;
1676 
1677 		if (pread64(efp->e_fd, &e64, sizeof (e64), 0) != sizeof (e64)) {
1678 			if (perr != NULL)
1679 				*perr = G_FORMAT;
1680 			goto err;
1681 		}
1682 
1683 		(void) memcpy(efp->e_hdr.e_ident, e64.e_ident, EI_NIDENT);
1684 		efp->e_hdr.e_type = e64.e_type;
1685 		efp->e_hdr.e_machine = e64.e_machine;
1686 		efp->e_hdr.e_version = e64.e_version;
1687 		efp->e_hdr.e_entry = e64.e_entry;
1688 		efp->e_hdr.e_phoff = e64.e_phoff;
1689 		efp->e_hdr.e_shoff = e64.e_shoff;
1690 		efp->e_hdr.e_flags = e64.e_flags;
1691 		efp->e_hdr.e_ehsize = e64.e_ehsize;
1692 		efp->e_hdr.e_phentsize = e64.e_phentsize;
1693 		efp->e_hdr.e_phnum = (Elf64_Word)e64.e_phnum;
1694 		efp->e_hdr.e_shentsize = e64.e_shentsize;
1695 		efp->e_hdr.e_shnum = (Elf64_Word)e64.e_shnum;
1696 		efp->e_hdr.e_shstrndx = (Elf64_Word)e64.e_shstrndx;
1697 #else	/* _LP64 */
1698 		if (perr != NULL)
1699 			*perr = G_LP64;
1700 		goto err;
1701 #endif	/* _LP64 */
1702 	} else {
1703 		(void) memcpy(efp->e_hdr.e_ident, e32.e_ident, EI_NIDENT);
1704 		efp->e_hdr.e_type = e32.e_type;
1705 		efp->e_hdr.e_machine = e32.e_machine;
1706 		efp->e_hdr.e_version = e32.e_version;
1707 		efp->e_hdr.e_entry = (Elf64_Addr)e32.e_entry;
1708 		efp->e_hdr.e_phoff = (Elf64_Off)e32.e_phoff;
1709 		efp->e_hdr.e_shoff = (Elf64_Off)e32.e_shoff;
1710 		efp->e_hdr.e_flags = e32.e_flags;
1711 		efp->e_hdr.e_ehsize = e32.e_ehsize;
1712 		efp->e_hdr.e_phentsize = e32.e_phentsize;
1713 		efp->e_hdr.e_phnum = (Elf64_Word)e32.e_phnum;
1714 		efp->e_hdr.e_shentsize = e32.e_shentsize;
1715 		efp->e_hdr.e_shnum = (Elf64_Word)e32.e_shnum;
1716 		efp->e_hdr.e_shstrndx = (Elf64_Word)e32.e_shstrndx;
1717 	}
1718 
1719 	/*
1720 	 * If the number of section headers or program headers or the section
1721 	 * header string table index would overflow their respective fields
1722 	 * in the ELF header, they're stored in the section header at index
1723 	 * zero. To simplify use elsewhere, we look for those sentinel values
1724 	 * here.
1725 	 */
1726 	if ((efp->e_hdr.e_shnum == 0 && efp->e_hdr.e_shoff != 0) ||
1727 	    efp->e_hdr.e_shstrndx == SHN_XINDEX ||
1728 	    efp->e_hdr.e_phnum == PN_XNUM) {
1729 		GElf_Shdr shdr;
1730 
1731 		dprintf("extended ELF header\n");
1732 
1733 		if (efp->e_hdr.e_shoff == 0) {
1734 			if (perr != NULL)
1735 				*perr = G_FORMAT;
1736 			goto err;
1737 		}
1738 
1739 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32) {
1740 			Elf32_Shdr shdr32;
1741 
1742 			if (pread64(efp->e_fd, &shdr32, sizeof (shdr32),
1743 			    efp->e_hdr.e_shoff) != sizeof (shdr32)) {
1744 				if (perr != NULL)
1745 					*perr = G_FORMAT;
1746 				goto err;
1747 			}
1748 
1749 			core_shdr_to_gelf(&shdr32, &shdr);
1750 		} else {
1751 			if (pread64(efp->e_fd, &shdr, sizeof (shdr),
1752 			    efp->e_hdr.e_shoff) != sizeof (shdr)) {
1753 				if (perr != NULL)
1754 					*perr = G_FORMAT;
1755 				goto err;
1756 			}
1757 		}
1758 
1759 		if (efp->e_hdr.e_shnum == 0) {
1760 			efp->e_hdr.e_shnum = shdr.sh_size;
1761 			dprintf("section header count %lu\n",
1762 			    (ulong_t)shdr.sh_size);
1763 		}
1764 
1765 		if (efp->e_hdr.e_shstrndx == SHN_XINDEX) {
1766 			efp->e_hdr.e_shstrndx = shdr.sh_link;
1767 			dprintf("section string index %u\n", shdr.sh_link);
1768 		}
1769 
1770 		if (efp->e_hdr.e_phnum == PN_XNUM && shdr.sh_info != 0) {
1771 			efp->e_hdr.e_phnum = shdr.sh_info;
1772 			dprintf("program header count %u\n", shdr.sh_info);
1773 		}
1774 
1775 	} else if (efp->e_hdr.e_phoff != 0) {
1776 		GElf_Phdr phdr;
1777 		uint64_t phnum;
1778 
1779 		/*
1780 		 * It's possible this core file came from a system that
1781 		 * accidentally truncated the e_phnum field without correctly
1782 		 * using the extended format in the section header at index
1783 		 * zero. We try to detect and correct that specific type of
1784 		 * corruption by using the knowledge that the core dump
1785 		 * routines usually place the data referenced by the first
1786 		 * program header immediately after the last header element.
1787 		 */
1788 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32) {
1789 			Elf32_Phdr phdr32;
1790 
1791 			if (pread64(efp->e_fd, &phdr32, sizeof (phdr32),
1792 			    efp->e_hdr.e_phoff) != sizeof (phdr32)) {
1793 				if (perr != NULL)
1794 					*perr = G_FORMAT;
1795 				goto err;
1796 			}
1797 
1798 			core_phdr_to_gelf(&phdr32, &phdr);
1799 		} else {
1800 			if (pread64(efp->e_fd, &phdr, sizeof (phdr),
1801 			    efp->e_hdr.e_phoff) != sizeof (phdr)) {
1802 				if (perr != NULL)
1803 					*perr = G_FORMAT;
1804 				goto err;
1805 			}
1806 		}
1807 
1808 		phnum = phdr.p_offset - efp->e_hdr.e_ehsize -
1809 		    (uint64_t)efp->e_hdr.e_shnum * efp->e_hdr.e_shentsize;
1810 		phnum /= efp->e_hdr.e_phentsize;
1811 
1812 		if (phdr.p_offset != 0 && phnum != efp->e_hdr.e_phnum) {
1813 			dprintf("suspicious program header count %u %u\n",
1814 			    (uint_t)phnum, efp->e_hdr.e_phnum);
1815 
1816 			/*
1817 			 * If the new program header count we computed doesn't
1818 			 * jive with count in the ELF header, we'll use the
1819 			 * data that's there and hope for the best.
1820 			 *
1821 			 * If it does, it's also possible that the section
1822 			 * header offset is incorrect; we'll check that and
1823 			 * possibly try to fix it.
1824 			 */
1825 			if (phnum <= INT_MAX &&
1826 			    (uint16_t)phnum == efp->e_hdr.e_phnum) {
1827 
1828 				if (efp->e_hdr.e_shoff == efp->e_hdr.e_phoff +
1829 				    efp->e_hdr.e_phentsize *
1830 				    (uint_t)efp->e_hdr.e_phnum) {
1831 					efp->e_hdr.e_shoff =
1832 					    efp->e_hdr.e_phoff +
1833 					    efp->e_hdr.e_phentsize * phnum;
1834 				}
1835 
1836 				efp->e_hdr.e_phnum = (Elf64_Word)phnum;
1837 				dprintf("using new program header count\n");
1838 			} else {
1839 				dprintf("inconsistent program header count\n");
1840 			}
1841 		}
1842 	}
1843 
1844 	/*
1845 	 * The libelf implementation was never ported to be large-file aware.
1846 	 * This is typically not a problem for your average executable or
1847 	 * shared library, but a large 32-bit core file can exceed 2GB in size.
1848 	 * So if type is ET_CORE, we don't bother doing elf_begin; the code
1849 	 * in Pfgrab_core() below will do its own i/o and struct conversion.
1850 	 */
1851 
1852 	if (type == ET_CORE) {
1853 		efp->e_elf = NULL;
1854 		return (0);
1855 	}
1856 
1857 	if ((efp->e_elf = elf_begin(efp->e_fd, ELF_C_READ, NULL)) == NULL) {
1858 		if (perr != NULL)
1859 			*perr = G_ELF;
1860 		goto err;
1861 	}
1862 
1863 	return (0);
1864 
1865 err:
1866 	efp->e_elf = NULL;
1867 	return (-1);
1868 }
1869 
1870 /*
1871  * Open the specified file and then do a core_elf_fdopen on it.
1872  */
1873 static int
1874 core_elf_open(elf_file_t *efp, const char *path, GElf_Half type, int *perr)
1875 {
1876 	(void) memset(efp, 0, sizeof (elf_file_t));
1877 
1878 	if ((efp->e_fd = open64(path, O_RDONLY)) >= 0) {
1879 		if (core_elf_fdopen(efp, type, perr) == 0)
1880 			return (0);
1881 
1882 		(void) close(efp->e_fd);
1883 		efp->e_fd = -1;
1884 	}
1885 
1886 	return (-1);
1887 }
1888 
1889 /*
1890  * Close the ELF handle and file descriptor.
1891  */
1892 static void
1893 core_elf_close(elf_file_t *efp)
1894 {
1895 	if (efp->e_elf != NULL) {
1896 		(void) elf_end(efp->e_elf);
1897 		efp->e_elf = NULL;
1898 	}
1899 
1900 	if (efp->e_fd != -1) {
1901 		(void) close(efp->e_fd);
1902 		efp->e_fd = -1;
1903 	}
1904 }
1905 
1906 /*
1907  * Given an ELF file for a statically linked executable, locate the likely
1908  * primary text section and fill in rl_base with its virtual address.
1909  */
1910 static map_info_t *
1911 core_find_text(struct ps_prochandle *P, Elf *elf, rd_loadobj_t *rlp)
1912 {
1913 	GElf_Phdr phdr;
1914 	uint_t i;
1915 	size_t nphdrs;
1916 
1917 	if (elf_getphdrnum(elf, &nphdrs) == -1)
1918 		return (NULL);
1919 
1920 	for (i = 0; i < nphdrs; i++) {
1921 		if (gelf_getphdr(elf, i, &phdr) != NULL &&
1922 		    phdr.p_type == PT_LOAD && (phdr.p_flags & PF_X)) {
1923 			rlp->rl_base = phdr.p_vaddr;
1924 			return (Paddr2mptr(P, rlp->rl_base));
1925 		}
1926 	}
1927 
1928 	return (NULL);
1929 }
1930 
1931 /*
1932  * Given an ELF file and the librtld_db structure corresponding to its primary
1933  * text mapping, deduce where its data segment was loaded and fill in
1934  * rl_data_base and prmap_t.pr_offset accordingly.
1935  */
1936 static map_info_t *
1937 core_find_data(struct ps_prochandle *P, Elf *elf, rd_loadobj_t *rlp)
1938 {
1939 	GElf_Ehdr ehdr;
1940 	GElf_Phdr phdr;
1941 	map_info_t *mp;
1942 	uint_t i, pagemask;
1943 	size_t nphdrs;
1944 
1945 	rlp->rl_data_base = (uintptr_t)NULL;
1946 
1947 	/*
1948 	 * Find the first loadable, writeable Phdr and compute rl_data_base
1949 	 * as the virtual address at which is was loaded.
1950 	 */
1951 	if (gelf_getehdr(elf, &ehdr) == NULL ||
1952 	    elf_getphdrnum(elf, &nphdrs) == -1)
1953 		return (NULL);
1954 
1955 	for (i = 0; i < nphdrs; i++) {
1956 		if (gelf_getphdr(elf, i, &phdr) != NULL &&
1957 		    phdr.p_type == PT_LOAD && (phdr.p_flags & PF_W)) {
1958 			rlp->rl_data_base = phdr.p_vaddr;
1959 			if (ehdr.e_type == ET_DYN)
1960 				rlp->rl_data_base += rlp->rl_base;
1961 			break;
1962 		}
1963 	}
1964 
1965 	/*
1966 	 * If we didn't find an appropriate phdr or if the address we
1967 	 * computed has no mapping, return NULL.
1968 	 */
1969 	if (rlp->rl_data_base == (uintptr_t)NULL ||
1970 	    (mp = Paddr2mptr(P, rlp->rl_data_base)) == NULL)
1971 		return (NULL);
1972 
1973 	/*
1974 	 * It wouldn't be procfs-related code if we didn't make use of
1975 	 * unclean knowledge of segvn, even in userland ... the prmap_t's
1976 	 * pr_offset field will be the segvn offset from mmap(2)ing the
1977 	 * data section, which will be the file offset & PAGEMASK.
1978 	 */
1979 	pagemask = ~(mp->map_pmap.pr_pagesize - 1);
1980 	mp->map_pmap.pr_offset = phdr.p_offset & pagemask;
1981 
1982 	return (mp);
1983 }
1984 
1985 /*
1986  * Librtld_db agent callback for iterating over load object mappings.
1987  * For each load object, we allocate a new file_info_t, perform naming,
1988  * and attempt to construct a symbol table for the load object.
1989  */
1990 static int
1991 core_iter_mapping(const rd_loadobj_t *rlp, struct ps_prochandle *P)
1992 {
1993 	core_info_t *core = P->data;
1994 	char lname[PATH_MAX], buf[PATH_MAX];
1995 	file_info_t *fp;
1996 	map_info_t *mp;
1997 
1998 	if (Pread_string(P, lname, PATH_MAX, (off_t)rlp->rl_nameaddr) <= 0) {
1999 		dprintf("failed to read name %p\n", (void *)rlp->rl_nameaddr);
2000 		return (1); /* Keep going; forget this if we can't get a name */
2001 	}
2002 
2003 	dprintf("rd_loadobj name = \"%s\" rl_base = %p\n",
2004 	    lname, (void *)rlp->rl_base);
2005 
2006 	if ((mp = Paddr2mptr(P, rlp->rl_base)) == NULL) {
2007 		dprintf("no mapping for %p\n", (void *)rlp->rl_base);
2008 		return (1); /* No mapping; advance to next mapping */
2009 	}
2010 
2011 	/*
2012 	 * Create a new file_info_t for this mapping, and therefore for
2013 	 * this load object.
2014 	 *
2015 	 * If there's an ELF header at the beginning of this mapping,
2016 	 * file_info_new() will try to use its section headers to
2017 	 * identify any other mappings that belong to this load object.
2018 	 */
2019 	if ((fp = mp->map_file) == NULL &&
2020 	    (fp = file_info_new(P, mp)) == NULL) {
2021 		core->core_errno = errno;
2022 		dprintf("failed to malloc mapping data\n");
2023 		return (0); /* Abort */
2024 	}
2025 	fp->file_map = mp;
2026 
2027 	/* Create a local copy of the load object representation */
2028 	if ((fp->file_lo = calloc(1, sizeof (rd_loadobj_t))) == NULL) {
2029 		core->core_errno = errno;
2030 		dprintf("failed to malloc mapping data\n");
2031 		return (0); /* Abort */
2032 	}
2033 	*fp->file_lo = *rlp;
2034 
2035 	if (lname[0] != '\0') {
2036 		/*
2037 		 * Naming dance part 1: if we got a name from librtld_db, then
2038 		 * copy this name to the prmap_t if it is unnamed.  If the
2039 		 * file_info_t is unnamed, name it after the lname.
2040 		 */
2041 		if (mp->map_pmap.pr_mapname[0] == '\0') {
2042 			(void) strncpy(mp->map_pmap.pr_mapname, lname, PRMAPSZ);
2043 			mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2044 		}
2045 
2046 		if (fp->file_lname == NULL)
2047 			fp->file_lname = strdup(lname);
2048 
2049 	} else if (fp->file_lname == NULL &&
2050 	    mp->map_pmap.pr_mapname[0] != '\0') {
2051 		/*
2052 		 * Naming dance part 2: if the mapping is named and the
2053 		 * file_info_t is not, name the file after the mapping.
2054 		 */
2055 		fp->file_lname = strdup(mp->map_pmap.pr_mapname);
2056 	}
2057 
2058 	if ((fp->file_rname == NULL) &&
2059 	    (Pfindmap(P, mp, buf, sizeof (buf)) != NULL))
2060 		fp->file_rname = strdup(buf);
2061 
2062 	if (fp->file_lname != NULL)
2063 		fp->file_lbase = basename(fp->file_lname);
2064 	if (fp->file_rname != NULL)
2065 		fp->file_rbase = basename(fp->file_rname);
2066 
2067 	/* Associate the file and the mapping. */
2068 	(void) strncpy(fp->file_pname, mp->map_pmap.pr_mapname, PRMAPSZ);
2069 	fp->file_pname[PRMAPSZ - 1] = '\0';
2070 
2071 	/*
2072 	 * If no section headers were available then we'll have to
2073 	 * identify this load object's other mappings with what we've
2074 	 * got: the start and end of the object's corresponding
2075 	 * address space.
2076 	 */
2077 	if (fp->file_saddrs == NULL) {
2078 		for (mp = fp->file_map + 1; mp < P->mappings + P->map_count &&
2079 		    mp->map_pmap.pr_vaddr < rlp->rl_bend; mp++) {
2080 
2081 			if (mp->map_file == NULL) {
2082 				dprintf("core_iter_mapping %s: associating "
2083 				    "segment at %p\n",
2084 				    fp->file_pname,
2085 				    (void *)mp->map_pmap.pr_vaddr);
2086 				mp->map_file = fp;
2087 				fp->file_ref++;
2088 			} else {
2089 				dprintf("core_iter_mapping %s: segment at "
2090 				    "%p already associated with %s\n",
2091 				    fp->file_pname,
2092 				    (void *)mp->map_pmap.pr_vaddr,
2093 				    (mp == fp->file_map ? "this file" :
2094 				    mp->map_file->file_pname));
2095 			}
2096 		}
2097 	}
2098 
2099 	/* Ensure that all this file's mappings are named. */
2100 	for (mp = fp->file_map; mp < P->mappings + P->map_count &&
2101 	    mp->map_file == fp; mp++) {
2102 		if (mp->map_pmap.pr_mapname[0] == '\0' &&
2103 		    !(mp->map_pmap.pr_mflags & MA_BREAK)) {
2104 			(void) strncpy(mp->map_pmap.pr_mapname, fp->file_pname,
2105 			    PRMAPSZ);
2106 			mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2107 		}
2108 	}
2109 
2110 	/* Attempt to build a symbol table for this file. */
2111 	Pbuild_file_symtab(P, fp);
2112 	if (fp->file_elf == NULL)
2113 		dprintf("core_iter_mapping: no symtab for %s\n",
2114 		    fp->file_pname);
2115 
2116 	/* Locate the start of a data segment associated with this file. */
2117 	if ((mp = core_find_data(P, fp->file_elf, fp->file_lo)) != NULL) {
2118 		dprintf("found data for %s at %p (pr_offset 0x%llx)\n",
2119 		    fp->file_pname, (void *)fp->file_lo->rl_data_base,
2120 		    mp->map_pmap.pr_offset);
2121 	} else {
2122 		dprintf("core_iter_mapping: no data found for %s\n",
2123 		    fp->file_pname);
2124 	}
2125 
2126 	return (1); /* Advance to next mapping */
2127 }
2128 
2129 /*
2130  * Callback function for Pfindexec().  In order to confirm a given pathname,
2131  * we verify that we can open it as an ELF file of type ET_EXEC or ET_DYN.
2132  */
2133 static int
2134 core_exec_open(const char *path, void *efp)
2135 {
2136 	if (core_elf_open(efp, path, ET_EXEC, NULL) == 0)
2137 		return (1);
2138 	if (core_elf_open(efp, path, ET_DYN, NULL) == 0)
2139 		return (1);
2140 	return (0);
2141 }
2142 
2143 /*
2144  * Attempt to load any section headers found in the core file.  If present,
2145  * this will refer to non-loadable data added to the core file by the kernel
2146  * based on coreadm(1M) settings, including CTF data and the symbol table.
2147  */
2148 static void
2149 core_load_shdrs(struct ps_prochandle *P, elf_file_t *efp)
2150 {
2151 	GElf_Shdr *shp, *shdrs = NULL;
2152 	char *shstrtab = NULL;
2153 	ulong_t shstrtabsz;
2154 	const char *name;
2155 	map_info_t *mp;
2156 
2157 	size_t nbytes;
2158 	void *buf;
2159 	int i;
2160 
2161 	if (efp->e_hdr.e_shstrndx >= efp->e_hdr.e_shnum) {
2162 		dprintf("corrupt shstrndx (%u) exceeds shnum (%u)\n",
2163 		    efp->e_hdr.e_shstrndx, efp->e_hdr.e_shnum);
2164 		return;
2165 	}
2166 
2167 	/*
2168 	 * Read the section header table from the core file and then iterate
2169 	 * over the section headers, converting each to a GElf_Shdr.
2170 	 */
2171 	if ((shdrs = malloc(efp->e_hdr.e_shnum * sizeof (GElf_Shdr))) == NULL) {
2172 		dprintf("failed to malloc %u section headers: %s\n",
2173 		    (uint_t)efp->e_hdr.e_shnum, strerror(errno));
2174 		return;
2175 	}
2176 
2177 	nbytes = efp->e_hdr.e_shnum * efp->e_hdr.e_shentsize;
2178 	if ((buf = malloc(nbytes)) == NULL) {
2179 		dprintf("failed to malloc %d bytes: %s\n", (int)nbytes,
2180 		    strerror(errno));
2181 		free(shdrs);
2182 		goto out;
2183 	}
2184 
2185 	if (pread64(efp->e_fd, buf, nbytes, efp->e_hdr.e_shoff) != nbytes) {
2186 		dprintf("failed to read section headers at off %lld: %s\n",
2187 		    (longlong_t)efp->e_hdr.e_shoff, strerror(errno));
2188 		free(buf);
2189 		goto out;
2190 	}
2191 
2192 	for (i = 0; i < efp->e_hdr.e_shnum; i++) {
2193 		void *p = (uchar_t *)buf + efp->e_hdr.e_shentsize * i;
2194 
2195 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32)
2196 			core_shdr_to_gelf(p, &shdrs[i]);
2197 		else
2198 			(void) memcpy(&shdrs[i], p, sizeof (GElf_Shdr));
2199 	}
2200 
2201 	free(buf);
2202 	buf = NULL;
2203 
2204 	/*
2205 	 * Read the .shstrtab section from the core file, terminating it with
2206 	 * an extra \0 so that a corrupt section will not cause us to die.
2207 	 */
2208 	shp = &shdrs[efp->e_hdr.e_shstrndx];
2209 	shstrtabsz = shp->sh_size;
2210 
2211 	if ((shstrtab = malloc(shstrtabsz + 1)) == NULL) {
2212 		dprintf("failed to allocate %lu bytes for shstrtab\n",
2213 		    (ulong_t)shstrtabsz);
2214 		goto out;
2215 	}
2216 
2217 	if (pread64(efp->e_fd, shstrtab, shstrtabsz,
2218 	    shp->sh_offset) != shstrtabsz) {
2219 		dprintf("failed to read %lu bytes of shstrs at off %lld: %s\n",
2220 		    shstrtabsz, (longlong_t)shp->sh_offset, strerror(errno));
2221 		goto out;
2222 	}
2223 
2224 	shstrtab[shstrtabsz] = '\0';
2225 
2226 	/*
2227 	 * Now iterate over each section in the section header table, locating
2228 	 * sections of interest and initializing more of the ps_prochandle.
2229 	 */
2230 	for (i = 0; i < efp->e_hdr.e_shnum; i++) {
2231 		shp = &shdrs[i];
2232 		name = shstrtab + shp->sh_name;
2233 
2234 		if (shp->sh_name >= shstrtabsz) {
2235 			dprintf("skipping section [%d]: corrupt sh_name\n", i);
2236 			continue;
2237 		}
2238 
2239 		if (shp->sh_link >= efp->e_hdr.e_shnum) {
2240 			dprintf("skipping section [%d]: corrupt sh_link\n", i);
2241 			continue;
2242 		}
2243 
2244 		dprintf("found section header %s (sh_addr 0x%llx)\n",
2245 		    name, (u_longlong_t)shp->sh_addr);
2246 
2247 		if (strcmp(name, ".SUNW_ctf") == 0) {
2248 			if ((mp = Paddr2mptr(P, shp->sh_addr)) == NULL) {
2249 				dprintf("no map at addr 0x%llx for %s [%d]\n",
2250 				    (u_longlong_t)shp->sh_addr, name, i);
2251 				continue;
2252 			}
2253 
2254 			if (mp->map_file == NULL ||
2255 			    mp->map_file->file_ctf_buf != NULL) {
2256 				dprintf("no mapping file or duplicate buffer "
2257 				    "for %s [%d]\n", name, i);
2258 				continue;
2259 			}
2260 
2261 			if ((buf = malloc(shp->sh_size)) == NULL ||
2262 			    pread64(efp->e_fd, buf, shp->sh_size,
2263 			    shp->sh_offset) != shp->sh_size) {
2264 				dprintf("skipping section %s [%d]: %s\n",
2265 				    name, i, strerror(errno));
2266 				free(buf);
2267 				continue;
2268 			}
2269 
2270 			mp->map_file->file_ctf_size = shp->sh_size;
2271 			mp->map_file->file_ctf_buf = buf;
2272 
2273 			if (shdrs[shp->sh_link].sh_type == SHT_DYNSYM)
2274 				mp->map_file->file_ctf_dyn = 1;
2275 
2276 		} else if (strcmp(name, ".symtab") == 0) {
2277 			fake_up_symtab(P, &efp->e_hdr,
2278 			    shp, &shdrs[shp->sh_link]);
2279 		}
2280 	}
2281 out:
2282 	free(shstrtab);
2283 	free(shdrs);
2284 }
2285 
2286 /*
2287  * Main engine for core file initialization: given an fd for the core file
2288  * and an optional pathname, construct the ps_prochandle.  The aout_path can
2289  * either be a suggested executable pathname, or a suggested directory to
2290  * use as a possible current working directory.
2291  */
2292 struct ps_prochandle *
2293 Pfgrab_core(int core_fd, const char *aout_path, int *perr)
2294 {
2295 	struct ps_prochandle *P;
2296 	core_info_t *core_info;
2297 	map_info_t *stk_mp, *brk_mp;
2298 	const char *execname;
2299 	char *interp;
2300 	int i, notes, pagesize;
2301 	uintptr_t addr, base_addr;
2302 	struct stat64 stbuf;
2303 	void *phbuf, *php;
2304 	size_t nbytes;
2305 #ifdef __x86
2306 	boolean_t from_linux = B_FALSE;
2307 #endif
2308 
2309 	elf_file_t aout;
2310 	elf_file_t core;
2311 
2312 	Elf_Scn *scn, *intp_scn = NULL;
2313 	Elf_Data *dp;
2314 
2315 	GElf_Phdr phdr, note_phdr;
2316 	GElf_Shdr shdr;
2317 	GElf_Xword nleft;
2318 
2319 	if (elf_version(EV_CURRENT) == EV_NONE) {
2320 		dprintf("libproc ELF version is more recent than libelf\n");
2321 		*perr = G_ELF;
2322 		return (NULL);
2323 	}
2324 
2325 	aout.e_elf = NULL;
2326 	aout.e_fd = -1;
2327 
2328 	core.e_elf = NULL;
2329 	core.e_fd = core_fd;
2330 
2331 	/*
2332 	 * Allocate and initialize a ps_prochandle structure for the core.
2333 	 * There are several key pieces of initialization here:
2334 	 *
2335 	 * 1. The PS_DEAD state flag marks this prochandle as a core file.
2336 	 *    PS_DEAD also thus prevents all operations which require state
2337 	 *    to be PS_STOP from operating on this handle.
2338 	 *
2339 	 * 2. We keep the core file fd in P->asfd since the core file contains
2340 	 *    the remnants of the process address space.
2341 	 *
2342 	 * 3. We set the P->info_valid bit because all information about the
2343 	 *    core is determined by the end of this function; there is no need
2344 	 *    for proc_update_maps() to reload mappings at any later point.
2345 	 *
2346 	 * 4. The read/write ops vector uses our core_rw() function defined
2347 	 *    above to handle i/o requests.
2348 	 */
2349 	if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
2350 		*perr = G_STRANGE;
2351 		return (NULL);
2352 	}
2353 
2354 	(void) memset(P, 0, sizeof (struct ps_prochandle));
2355 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
2356 	P->state = PS_DEAD;
2357 	P->pid = (pid_t)-1;
2358 	P->asfd = core.e_fd;
2359 	P->ctlfd = -1;
2360 	P->statfd = -1;
2361 	P->agentctlfd = -1;
2362 	P->agentstatfd = -1;
2363 	P->zoneroot = NULL;
2364 	P->info_valid = 1;
2365 	Pinit_ops(&P->ops, &P_core_ops);
2366 
2367 	Pinitsym(P);
2368 
2369 	/*
2370 	 * Fstat and open the core file and make sure it is a valid ELF core.
2371 	 */
2372 	if (fstat64(P->asfd, &stbuf) == -1) {
2373 		*perr = G_STRANGE;
2374 		goto err;
2375 	}
2376 
2377 	if (core_elf_fdopen(&core, ET_CORE, perr) == -1)
2378 		goto err;
2379 
2380 	/*
2381 	 * Allocate and initialize a core_info_t to hang off the ps_prochandle
2382 	 * structure.  We keep all core-specific information in this structure.
2383 	 */
2384 	if ((core_info = calloc(1, sizeof (core_info_t))) == NULL) {
2385 		*perr = G_STRANGE;
2386 		goto err;
2387 	}
2388 
2389 	P->data = core_info;
2390 	list_link(&core_info->core_lwp_head, NULL);
2391 	core_info->core_size = stbuf.st_size;
2392 	/*
2393 	 * In the days before adjustable core file content, this was the
2394 	 * default core file content. For new core files, this value will
2395 	 * be overwritten by the NT_CONTENT note section.
2396 	 */
2397 	core_info->core_content = CC_CONTENT_STACK | CC_CONTENT_HEAP |
2398 	    CC_CONTENT_DATA | CC_CONTENT_RODATA | CC_CONTENT_ANON |
2399 	    CC_CONTENT_SHANON;
2400 
2401 	switch (core.e_hdr.e_ident[EI_CLASS]) {
2402 	case ELFCLASS32:
2403 		core_info->core_dmodel = PR_MODEL_ILP32;
2404 		break;
2405 	case ELFCLASS64:
2406 		core_info->core_dmodel = PR_MODEL_LP64;
2407 		break;
2408 	default:
2409 		*perr = G_FORMAT;
2410 		goto err;
2411 	}
2412 	core_info->core_osabi = core.e_hdr.e_ident[EI_OSABI];
2413 
2414 	/*
2415 	 * Because the core file may be a large file, we can't use libelf to
2416 	 * read the Phdrs.  We use e_phnum and e_phentsize to simplify things.
2417 	 */
2418 	nbytes = core.e_hdr.e_phnum * core.e_hdr.e_phentsize;
2419 
2420 	if ((phbuf = malloc(nbytes)) == NULL) {
2421 		*perr = G_STRANGE;
2422 		goto err;
2423 	}
2424 
2425 	if (pread64(core_fd, phbuf, nbytes, core.e_hdr.e_phoff) != nbytes) {
2426 		*perr = G_STRANGE;
2427 		free(phbuf);
2428 		goto err;
2429 	}
2430 
2431 	/*
2432 	 * Iterate through the program headers in the core file.
2433 	 * We're interested in two types of Phdrs: PT_NOTE (which
2434 	 * contains a set of saved /proc structures), and PT_LOAD (which
2435 	 * represents a memory mapping from the process's address space).
2436 	 * In the case of PT_NOTE, we're interested in the last PT_NOTE
2437 	 * in the core file; currently the first PT_NOTE (if present)
2438 	 * contains /proc structs in the pre-2.6 unstructured /proc format.
2439 	 */
2440 	for (php = phbuf, notes = 0, i = 0; i < core.e_hdr.e_phnum; i++) {
2441 		if (core.e_hdr.e_ident[EI_CLASS] == ELFCLASS64)
2442 			(void) memcpy(&phdr, php, sizeof (GElf_Phdr));
2443 		else
2444 			core_phdr_to_gelf(php, &phdr);
2445 
2446 		switch (phdr.p_type) {
2447 		case PT_NOTE:
2448 			note_phdr = phdr;
2449 			notes++;
2450 			break;
2451 
2452 		case PT_LOAD:
2453 			if (core_add_mapping(P, &phdr) == -1) {
2454 				*perr = G_STRANGE;
2455 				free(phbuf);
2456 				goto err;
2457 			}
2458 			break;
2459 		default:
2460 			dprintf("Pgrab_core: unknown phdr %d\n", phdr.p_type);
2461 			break;
2462 		}
2463 
2464 		php = (char *)php + core.e_hdr.e_phentsize;
2465 	}
2466 
2467 	free(phbuf);
2468 
2469 	Psort_mappings(P);
2470 
2471 	/*
2472 	 * If we couldn't find anything of type PT_NOTE, or only one PT_NOTE
2473 	 * was present, abort.  The core file is either corrupt or too old.
2474 	 */
2475 	if (notes == 0 || (notes == 1 && core_info->core_osabi ==
2476 	    ELFOSABI_SOLARIS)) {
2477 		*perr = G_NOTE;
2478 		goto err;
2479 	}
2480 
2481 	/*
2482 	 * Advance the seek pointer to the start of the PT_NOTE data
2483 	 */
2484 	if (lseek64(P->asfd, note_phdr.p_offset, SEEK_SET) == (off64_t)-1) {
2485 		dprintf("Pgrab_core: failed to lseek to PT_NOTE data\n");
2486 		*perr = G_STRANGE;
2487 		goto err;
2488 	}
2489 
2490 	/*
2491 	 * Now process the PT_NOTE structures.  Each one is preceded by
2492 	 * an Elf{32/64}_Nhdr structure describing its type and size.
2493 	 *
2494 	 *  +--------+
2495 	 *  | header |
2496 	 *  +--------+
2497 	 *  | name   |
2498 	 *  | ...    |
2499 	 *  +--------+
2500 	 *  | desc   |
2501 	 *  | ...    |
2502 	 *  +--------+
2503 	 */
2504 	for (nleft = note_phdr.p_filesz; nleft > 0; ) {
2505 		Elf64_Nhdr nhdr;
2506 		off64_t off, namesz, descsz;
2507 
2508 		/*
2509 		 * Although <sys/elf.h> defines both Elf32_Nhdr and Elf64_Nhdr
2510 		 * as different types, they are both of the same content and
2511 		 * size, so we don't need to worry about 32/64 conversion here.
2512 		 */
2513 		if (read(P->asfd, &nhdr, sizeof (nhdr)) != sizeof (nhdr)) {
2514 			dprintf("Pgrab_core: failed to read ELF note header\n");
2515 			*perr = G_NOTE;
2516 			goto err;
2517 		}
2518 
2519 		/*
2520 		 * According to the System V ABI, the amount of padding
2521 		 * following the name field should align the description
2522 		 * field on a 4 byte boundary for 32-bit binaries or on an 8
2523 		 * byte boundary for 64-bit binaries. However, this change
2524 		 * was not made correctly during the 64-bit port so all
2525 		 * descriptions can assume only 4-byte alignment. We ignore
2526 		 * the name field and the padding to 4-byte alignment.
2527 		 */
2528 		namesz = P2ROUNDUP((off64_t)nhdr.n_namesz, (off64_t)4);
2529 
2530 		if (lseek64(P->asfd, namesz, SEEK_CUR) == (off64_t)-1) {
2531 			dprintf("failed to seek past name and padding\n");
2532 			*perr = G_STRANGE;
2533 			goto err;
2534 		}
2535 
2536 		dprintf("Note hdr n_type=%u n_namesz=%u n_descsz=%u\n",
2537 		    nhdr.n_type, nhdr.n_namesz, nhdr.n_descsz);
2538 
2539 		off = lseek64(P->asfd, (off64_t)0L, SEEK_CUR);
2540 
2541 		/*
2542 		 * Invoke the note handler function from our table
2543 		 */
2544 		if (nhdr.n_type < sizeof (nhdlrs) / sizeof (nhdlrs[0])) {
2545 			if (nhdlrs[nhdr.n_type](P, nhdr.n_descsz) < 0) {
2546 				dprintf("handler for type %d returned < 0",
2547 				    nhdr.n_type);
2548 				*perr = G_NOTE;
2549 				goto err;
2550 			}
2551 			/*
2552 			 * The presence of either of these notes indicates that
2553 			 * the dump was generated on Linux.
2554 			 */
2555 #ifdef __x86
2556 			if (nhdr.n_type == NT_PRSTATUS ||
2557 			    nhdr.n_type == NT_PRPSINFO)
2558 				from_linux = B_TRUE;
2559 #endif
2560 		} else {
2561 			(void) note_notsup(P, nhdr.n_descsz);
2562 		}
2563 
2564 		/*
2565 		 * Seek past the current note data to the next Elf_Nhdr
2566 		 */
2567 		descsz = P2ROUNDUP((off64_t)nhdr.n_descsz, (off64_t)4);
2568 		if (lseek64(P->asfd, off + descsz, SEEK_SET) == (off64_t)-1) {
2569 			dprintf("Pgrab_core: failed to seek to next nhdr\n");
2570 			*perr = G_STRANGE;
2571 			goto err;
2572 		}
2573 
2574 		/*
2575 		 * Subtract the size of the header and its data from what
2576 		 * we have left to process.
2577 		 */
2578 		nleft -= sizeof (nhdr) + namesz + descsz;
2579 	}
2580 
2581 #ifdef __x86
2582 	if (from_linux) {
2583 		size_t tcount, pid;
2584 		lwp_info_t *lwp;
2585 
2586 		P->status.pr_dmodel = core_info->core_dmodel;
2587 
2588 		lwp = list_next(&core_info->core_lwp_head);
2589 
2590 		pid = P->status.pr_pid;
2591 
2592 		for (tcount = 0; tcount < core_info->core_nlwp;
2593 		    tcount++, lwp = list_next(lwp)) {
2594 			dprintf("Linux thread with id %d\n", lwp->lwp_id);
2595 
2596 			/*
2597 			 * In the case we don't have a valid psinfo (i.e. pid is
2598 			 * 0, probably because of gdb creating the core) assume
2599 			 * lowest pid count is the first thread (what if the
2600 			 * next thread wraps the pid around?)
2601 			 */
2602 			if (P->status.pr_pid == 0 &&
2603 			    ((pid == 0 && lwp->lwp_id > 0) ||
2604 			    (lwp->lwp_id < pid))) {
2605 				pid = lwp->lwp_id;
2606 			}
2607 		}
2608 
2609 		if (P->status.pr_pid != pid) {
2610 			dprintf("No valid pid, setting to %ld\n", (ulong_t)pid);
2611 			P->status.pr_pid = pid;
2612 			P->psinfo.pr_pid = pid;
2613 		}
2614 
2615 		/*
2616 		 * Consumers like mdb expect the first thread to actually have
2617 		 * an id of 1, on linux that is actually the pid. Find the the
2618 		 * thread with our process id, and set the id to 1
2619 		 */
2620 		if ((lwp = lwpid2info(P, pid)) == NULL) {
2621 			dprintf("Couldn't find first thread\n");
2622 			*perr = G_STRANGE;
2623 			goto err;
2624 		}
2625 
2626 		dprintf("setting representative thread: %d\n", lwp->lwp_id);
2627 
2628 		lwp->lwp_id = 1;
2629 		lwp->lwp_status.pr_lwpid = 1;
2630 
2631 		/* set representative thread */
2632 		(void) memcpy(&P->status.pr_lwp, &lwp->lwp_status,
2633 		    sizeof (P->status.pr_lwp));
2634 	}
2635 #endif /* __x86 */
2636 
2637 	if (nleft != 0) {
2638 		dprintf("Pgrab_core: note section malformed\n");
2639 		*perr = G_STRANGE;
2640 		goto err;
2641 	}
2642 
2643 	if ((pagesize = Pgetauxval(P, AT_PAGESZ)) == -1) {
2644 		pagesize = getpagesize();
2645 		dprintf("AT_PAGESZ missing; defaulting to %d\n", pagesize);
2646 	}
2647 
2648 	/*
2649 	 * Locate and label the mappings corresponding to the end of the
2650 	 * heap (MA_BREAK) and the base of the stack (MA_STACK).
2651 	 */
2652 	if ((P->status.pr_brkbase != 0 || P->status.pr_brksize != 0) &&
2653 	    (brk_mp = Paddr2mptr(P, P->status.pr_brkbase +
2654 	    P->status.pr_brksize - 1)) != NULL)
2655 		brk_mp->map_pmap.pr_mflags |= MA_BREAK;
2656 	else
2657 		brk_mp = NULL;
2658 
2659 	if ((stk_mp = Paddr2mptr(P, P->status.pr_stkbase)) != NULL)
2660 		stk_mp->map_pmap.pr_mflags |= MA_STACK;
2661 
2662 	/*
2663 	 * At this point, we have enough information to look for the
2664 	 * executable and open it: we have access to the auxv, a psinfo_t,
2665 	 * and the ability to read from mappings provided by the core file.
2666 	 */
2667 	(void) Pfindexec(P, aout_path, core_exec_open, &aout);
2668 	dprintf("P->execname = \"%s\"\n", P->execname ? P->execname : "NULL");
2669 	execname = P->execname ? P->execname : "a.out";
2670 
2671 	/*
2672 	 * Iterate through the sections, looking for the .dynamic and .interp
2673 	 * sections.  If we encounter them, remember their section pointers.
2674 	 */
2675 	for (scn = NULL; (scn = elf_nextscn(aout.e_elf, scn)) != NULL; ) {
2676 		char *sname;
2677 
2678 		if ((gelf_getshdr(scn, &shdr) == NULL) ||
2679 		    (sname = elf_strptr(aout.e_elf, aout.e_hdr.e_shstrndx,
2680 		    (size_t)shdr.sh_name)) == NULL)
2681 			continue;
2682 
2683 		if (strcmp(sname, ".interp") == 0)
2684 			intp_scn = scn;
2685 	}
2686 
2687 	/*
2688 	 * Get the AT_BASE auxv element.  If this is missing (-1), then
2689 	 * we assume this is a statically-linked executable.
2690 	 */
2691 	base_addr = Pgetauxval(P, AT_BASE);
2692 
2693 	/*
2694 	 * In order to get librtld_db initialized, we'll need to identify
2695 	 * and name the mapping corresponding to the run-time linker.  The
2696 	 * AT_BASE auxv element tells us the address where it was mapped,
2697 	 * and the .interp section of the executable tells us its path.
2698 	 * If for some reason that doesn't pan out, just use ld.so.1.
2699 	 */
2700 	if (intp_scn != NULL && (dp = elf_getdata(intp_scn, NULL)) != NULL &&
2701 	    dp->d_size != 0) {
2702 		dprintf(".interp = <%s>\n", (char *)dp->d_buf);
2703 		interp = dp->d_buf;
2704 
2705 	} else if (base_addr != (uintptr_t)-1L) {
2706 		if (core_info->core_dmodel == PR_MODEL_LP64)
2707 			interp = "/usr/lib/64/ld.so.1";
2708 		else
2709 			interp = "/usr/lib/ld.so.1";
2710 
2711 		dprintf(".interp section is missing or could not be read; "
2712 		    "defaulting to %s\n", interp);
2713 	} else
2714 		dprintf("detected statically linked executable\n");
2715 
2716 	/*
2717 	 * If we have an AT_BASE element, name the mapping at that address
2718 	 * using the interpreter pathname.  Name the corresponding data
2719 	 * mapping after the interpreter as well.
2720 	 */
2721 	if (base_addr != (uintptr_t)-1L) {
2722 		elf_file_t intf;
2723 
2724 		P->map_ldso = core_name_mapping(P, base_addr, interp);
2725 
2726 		if (core_elf_open(&intf, interp, ET_DYN, NULL) == 0) {
2727 			rd_loadobj_t rl;
2728 			map_info_t *dmp;
2729 
2730 			rl.rl_base = base_addr;
2731 			dmp = core_find_data(P, intf.e_elf, &rl);
2732 
2733 			if (dmp != NULL) {
2734 				dprintf("renamed data at %p to %s\n",
2735 				    (void *)rl.rl_data_base, interp);
2736 				(void) strncpy(dmp->map_pmap.pr_mapname,
2737 				    interp, PRMAPSZ);
2738 				dmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2739 			}
2740 		}
2741 
2742 		core_elf_close(&intf);
2743 	}
2744 
2745 	/*
2746 	 * If we have an AT_ENTRY element, name the mapping at that address
2747 	 * using the special name "a.out" just like /proc does.
2748 	 */
2749 	if ((addr = Pgetauxval(P, AT_ENTRY)) != (uintptr_t)-1L)
2750 		P->map_exec = core_name_mapping(P, addr, "a.out");
2751 
2752 	/*
2753 	 * If we're a statically linked executable (or we're on x86 and looking
2754 	 * at a Linux core dump), then just locate the executable's text and
2755 	 * data and name them after the executable.
2756 	 */
2757 #ifndef __x86
2758 	if (base_addr == (uintptr_t)-1L) {
2759 #else
2760 	if (base_addr == (uintptr_t)-1L || from_linux) {
2761 #endif
2762 		dprintf("looking for text and data: %s\n", execname);
2763 		map_info_t *tmp, *dmp;
2764 		file_info_t *fp;
2765 		rd_loadobj_t rl;
2766 
2767 		if ((tmp = core_find_text(P, aout.e_elf, &rl)) != NULL &&
2768 		    (dmp = core_find_data(P, aout.e_elf, &rl)) != NULL) {
2769 			(void) strncpy(tmp->map_pmap.pr_mapname,
2770 			    execname, PRMAPSZ);
2771 			tmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2772 			(void) strncpy(dmp->map_pmap.pr_mapname,
2773 			    execname, PRMAPSZ);
2774 			dmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2775 		}
2776 
2777 		if ((P->map_exec = tmp) != NULL &&
2778 		    (fp = malloc(sizeof (file_info_t))) != NULL) {
2779 
2780 			(void) memset(fp, 0, sizeof (file_info_t));
2781 
2782 			list_link(fp, &P->file_head);
2783 			tmp->map_file = fp;
2784 			P->num_files++;
2785 
2786 			fp->file_ref = 1;
2787 			fp->file_fd = -1;
2788 
2789 			fp->file_lo = malloc(sizeof (rd_loadobj_t));
2790 			fp->file_lname = strdup(execname);
2791 
2792 			if (fp->file_lo)
2793 				*fp->file_lo = rl;
2794 			if (fp->file_lname)
2795 				fp->file_lbase = basename(fp->file_lname);
2796 			if (fp->file_rname)
2797 				fp->file_rbase = basename(fp->file_rname);
2798 
2799 			(void) strcpy(fp->file_pname,
2800 			    P->mappings[0].map_pmap.pr_mapname);
2801 			fp->file_map = tmp;
2802 
2803 			Pbuild_file_symtab(P, fp);
2804 
2805 			if (dmp != NULL) {
2806 				dmp->map_file = fp;
2807 				fp->file_ref++;
2808 			}
2809 		}
2810 	}
2811 
2812 	core_elf_close(&aout);
2813 
2814 	/*
2815 	 * We now have enough information to initialize librtld_db.
2816 	 * After it warms up, we can iterate through the load object chain
2817 	 * in the core, which will allow us to construct the file info
2818 	 * we need to provide symbol information for the other shared
2819 	 * libraries, and also to fill in the missing mapping names.
2820 	 */
2821 	rd_log(_libproc_debug);
2822 
2823 	if ((P->rap = rd_new(P)) != NULL) {
2824 		(void) rd_loadobj_iter(P->rap, (rl_iter_f *)
2825 		    core_iter_mapping, P);
2826 
2827 		if (core_info->core_errno != 0) {
2828 			errno = core_info->core_errno;
2829 			*perr = G_STRANGE;
2830 			goto err;
2831 		}
2832 	} else
2833 		dprintf("failed to initialize rtld_db agent\n");
2834 
2835 	/*
2836 	 * If there are sections, load them and process the data from any
2837 	 * sections that we can use to annotate the file_info_t's.
2838 	 */
2839 	core_load_shdrs(P, &core);
2840 
2841 	/*
2842 	 * If we previously located a stack or break mapping, and they are
2843 	 * still anonymous, we now assume that they were MAP_ANON mappings.
2844 	 * If brk_mp turns out to now have a name, then the heap is still
2845 	 * sitting at the end of the executable's data+bss mapping: remove
2846 	 * the previous MA_BREAK setting to be consistent with /proc.
2847 	 */
2848 	if (stk_mp != NULL && stk_mp->map_pmap.pr_mapname[0] == '\0')
2849 		stk_mp->map_pmap.pr_mflags |= MA_ANON;
2850 	if (brk_mp != NULL && brk_mp->map_pmap.pr_mapname[0] == '\0')
2851 		brk_mp->map_pmap.pr_mflags |= MA_ANON;
2852 	else if (brk_mp != NULL)
2853 		brk_mp->map_pmap.pr_mflags &= ~MA_BREAK;
2854 
2855 	*perr = 0;
2856 	return (P);
2857 
2858 err:
2859 	Pfree(P);
2860 	core_elf_close(&aout);
2861 	return (NULL);
2862 }
2863 
2864 /*
2865  * Grab a core file using a pathname.  We just open it and call Pfgrab_core().
2866  */
2867 struct ps_prochandle *
2868 Pgrab_core(const char *core, const char *aout, int gflag, int *perr)
2869 {
2870 	int fd, oflag = (gflag & PGRAB_RDONLY) ? O_RDONLY : O_RDWR;
2871 
2872 	if ((fd = open64(core, oflag)) >= 0)
2873 		return (Pfgrab_core(fd, aout, perr));
2874 
2875 	if (errno != ENOENT)
2876 		*perr = G_STRANGE;
2877 	else
2878 		*perr = G_NOCORE;
2879 
2880 	return (NULL);
2881 }
2882